From 5e6bdf11eebcf0c11c3d476d8e8da0f0edcd7980 Mon Sep 17 00:00:00 2001
From: Dorian <dorian@Dorians-MacBook-Air.local>
Date: Wed, 1 Apr 2026 21:08:11 +0100
Subject: [PATCH] fix: revert to direct port access for app iframes

Proxy paths (/app/name/) break iframes due to root-relative asset
paths. Direct IP:port access works correctly over Tailscale and LAN.
This has been confirmed working on .228 via Tailscale DNS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 neode-ui/src/views/appSession/appSessionConfig.ts | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/neode-ui/src/views/appSession/appSessionConfig.ts b/neode-ui/src/views/appSession/appSessionConfig.ts
index ba9b8c61..48e93cf4 100644
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@@ -145,15 +145,16 @@ export function resolveAppUrl(id: string, routeQueryPath?: string): string {
     }
   }
 
-  // Always use nginx proxy paths — direct port access fails over Tailscale/VPN
-  // and when ports aren't exposed externally
-  const proxyPathEntry = HTTPS_PROXY_PATHS[id]
-  if (proxyPathEntry) return `${window.location.origin}${proxyPathEntry}`
+  // HTTPS: use nginx proxy to avoid mixed content
+  if (window.location.protocol === 'https:') {
+    const httpsProxy = HTTPS_PROXY_PATHS[id]
+    if (httpsProxy) return `${window.location.origin}${httpsProxy}`
+  }
 
-  // Fallback: direct port (only for apps without a proxy path)
+  // HTTP: direct port access (iframes break with proxy paths due to root-relative assets)
   const port = APP_PORTS[id]
   if (!port) return ''
-  let base = `${window.location.protocol}//${window.location.hostname}:${port}`
+  let base = `http://${window.location.hostname}:${port}`
   if (routeQueryPath) base += routeQueryPath
   return base
 }