fix: usr: another attempt to fix the email assets #4

config/packages/framework.yaml

@@ -10,6 +10,8 @@ framework:
 
   # Trust headers from reverse proxy (Caddy)
   # This ensures absolute_url() uses HTTPS scheme when behind a reverse proxy
+  # Production: TRUSTED_PROXIES from .env (Gitea secret)
+  # Development: TRUSTED_PROXIES from compose.override.yaml
   trusted_proxies: '%env(TRUSTED_PROXIES)%'
   trusted_headers: ['x-forwarded-for', 'x-forwarded-proto', 'x-forwarded-host', 'x-forwarded-port']
 

config/packages/prod/framework.yaml

@@ -0,0 +1,8 @@
+framework:
+  # In production with FrankenPHP, the reverse proxy (Caddy) is in the same container
+  # Requests come from 127.0.0.1, so we must trust that IP to process X-Forwarded-Proto headers
+  # TRUSTED_PROXIES is set in the .env file (stored in Gitea secrets)
+  # Typical value for Docker: 172.18.0.0/16 (or the specific Docker network CIDR)
+  # This must be provided by the PROD_ENV_FILE secret in Gitea
+  trusted_proxies: '%env(TRUSTED_PROXIES)%'
+  trusted_headers: ['x-forwarded-for', 'x-forwarded-proto', 'x-forwarded-host', 'x-forwarded-port']