chore: removes https enforcement from management api (#5810)

2026-04-26 11:48:27 -05:00 · 2025-05-16 01:10:04 +05:30
parent 00dfa629b5
commit 5aeb92eb4f
1 changed files with 1 additions and 26 deletions
@@ -12,13 +12,12 @@ import {
  isClientSideApiRoute,
  isForgotPasswordRoute,
  isLoginRoute,
-  isManagementApiRoute,
  isShareUrlRoute,
  isSignupRoute,
  isSyncWithUserIdentificationEndpoint,
  isVerifyEmailRoute,
 } from "@/app/middleware/endpoint-validator";
-import { E2E_TESTING, IS_PRODUCTION, RATE_LIMITING_DISABLED, SURVEY_URL, WEBAPP_URL } from "@/lib/constants";
+import { IS_PRODUCTION, RATE_LIMITING_DISABLED, SURVEY_URL, WEBAPP_URL } from "@/lib/constants";
 import { isValidCallbackUrl } from "@/lib/utils/url";
 import { logApiError } from "@/modules/api/v2/lib/utils";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
@@ -28,24 +27,6 @@ import { NextRequest, NextResponse } from "next/server";
 import { v4 as uuidv4 } from "uuid";
 import { logger } from "@formbricks/logger";

-const enforceHttps = (request: NextRequest): Response | null => {
-  const forwardedProto = request.headers.get("x-forwarded-proto") ?? "http";
-  if (IS_PRODUCTION && !E2E_TESTING && forwardedProto !== "https") {
-    const apiError: ApiErrorResponseV2 = {
-      type: "forbidden",
-      details: [
-        {
-          field: "",
-          issue: "Only HTTPS connections are allowed on the management endpoints.",
-        },
-      ],
-    };
-    logApiError(request, apiError);
-    return NextResponse.json(apiError, { status: 403 });
-  }
-  return null;
-};
-
 const handleAuth = async (request: NextRequest): Promise<Response | null> => {
  const token = await getToken({ req: request as any });

@@ -132,12 +113,6 @@ export const middleware = async (originalRequest: NextRequest) => {
    },
  });

-  // Enforce HTTPS for management endpoints
-  if (isManagementApiRoute(request.nextUrl.pathname)) {
-    const httpsResponse = enforceHttps(request);
-    if (httpsResponse) return httpsResponse;
-  }
-
  // Handle authentication
  const authResponse = await handleAuth(request);
  if (authResponse) return authResponse;