lnbits icon indicating copy to clipboard operation
lnbits copied to clipboard
verified publisher icon lnbits

LNURLDevice: Callback URL scheme

Open dennisreimann opened this issue 3 years ago • 3 comments

I'm running LNbits v0.8.0 with the LNURDevice extension and am using the latest LNPoS version to connect to it.

I noticed that the LNURL callback URL scheme is http, though the LNURL API request is called with https. Example

Also the resulting successAction.url is http, even when called with https, see this example.

Same is true for the LNURL-Withdraw URLs.

dennisreimann avatar Jun 07 '22 20:06 dennisreimann

Hi, there is an env var that must be set true. Unfortunately I cannot look it up right now and I don't remember it fully, something like FREE and IP. Sorry, but maybe that gives you a hint in the right direction.

schneimi avatar Jun 08 '22 14:06 schneimi

The example env doesn't contain anything along those lines, but it has a LNBITS_FORCE_HTTPS setting. I'm running LNbits as an app on Umbrel, will need to dig a bit to find how this is configurable there.

However, I think the proper way to solve it is to pick up the scheme, host, port and basepath of the incoming request and respond with the same. I'd be willing to do a PR, but it seems to be a bit more involved and I'd appreciate more pointers on how to handle this properly.

dennisreimann avatar Jun 08 '22 15:06 dennisreimann

Ok , found it in #470. It's not a LNBITS env. FORWARDED_ALLOW_IPS: "*"

Yes, it would help alot if there would be better HTTPS support by default. Had a hard time as well to find out about this.

schneimi avatar Jun 08 '22 18:06 schneimi