No way to trust an HTTP (without S) origin #352

Open
namthai-dev opened this issue Nov 27, 2024 · 3 comments
Comments

@namthai-dev

I deployed the app in production mode on an Ubuntu instance. When attempting to sign in or sign up using the dashboard, I encountered the following error message: Redirect URL not whitelisted. Did you forget to add this domain to the trusted domains list on the Stack Auth dashboard?

@fomalhautb (Contributor)

Did you add your domain to the trusted domains?

@namthai-dev (Author)

> Did you add your domain to the trusted domains?

I manually updated the database to add it, but it seems the application requires HTTPS to be set as a trusted domain. The app crashes when I use HTTP because I am hosting it on a public IP.

This is what I have done:
I ran the app in development mode and registered a new account. Then, I accessed the database and updated the ProjectUser table to assign the "Stack Auth Dashboard" project to my user (with projectId set to "internal"). After that, I opened the project in the dashboard and added a trusted domain.

Suggestion:
I suggest seeding an admin account that's pre-assigned to the "Stack Auth Dashboard" project. This way, the admin can access the dashboard to add a trusted domain and update the password later. Additionally, we could allow setting a default trusted domain via the .env file for easier configuration.

@N2D4 N2D4 changed the title Redirect URL Not Whitelisted Error During Authentication No way to trust an HTTP (without S) origin Dec 12, 2024
@N2D4 (Contributor) commented Dec 12, 2024

Trusting HTTP domains is inherently insecure; we can probably add an option for non-production mode or for cases where you're sure HTTP is fine, but generally I'd recommend just getting a domain and a certificate.
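
The check the maintainer describes (an exact trusted-origin allowlist, HTTPS by default, plain HTTP only behind an explicit opt-in such as a non-production flag), written out as an added example. This is not Stack Auth's own implementation; the function names, the `STACK_TRUSTED_DOMAINS` variable name, and the sample origins are assumptions made for illustration.

```typescript
// Added example, not Stack Auth code: exact-origin allowlist for auth
// redirect URLs. HTTP origins are refused unless allowInsecureHttp is set,
// which is meant for dev or lab deployments on a bare IP, not production.

interface TrustedDomainPolicy {
  // Allowlisted origins, e.g. "https://app.example.com" (sample value).
  trustedOrigins: string[];
  // Explicit opt-in for plain HTTP; default false.
  allowInsecureHttp: boolean;
}

// Canonicalise an allowlist entry to a URL origin (scheme://host[:port]).
// Returns null for unparsable entries or schemes other than http/https.
function normalizeOrigin(entry: string): string | null {
  let url: URL;
  try {
    url = new URL(entry.trim());
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // URL.origin strips path, query, fragment and any user:pass@ prefix, so an
  // entry like "https://app.example.com@evil.com" becomes "https://evil.com".
  return url.origin;
}

// Build a policy from a comma-separated env value (hypothetical variable
// name STACK_TRUSTED_DOMAINS), dropping entries that fail to normalise.
function policyFromEnv(raw: string, allowInsecureHttp = false): TrustedDomainPolicy {
  const trustedOrigins = raw
    .split(",")
    .map((e) => normalizeOrigin(e))
    .filter((o): o is string => o !== null);
  return { trustedOrigins, allowInsecureHttp };
}

type RedirectVerdict = { ok: true; origin: string } | { ok: false; reason: string };

// Decide whether redirectUrl may receive the sign-in/sign-up callback.
function checkRedirectUrl(redirectUrl: string, policy: TrustedDomainPolicy): RedirectVerdict {
  let url: URL;
  try {
    url = new URL(redirectUrl);
  } catch {
    // Relative paths and garbage are rejected; only absolute URLs are compared.
    return { ok: false, reason: "redirect URL is not an absolute URL" };
  }
  if (url.protocol === "http:") {
    if (!policy.allowInsecureHttp) {
      return { ok: false, reason: "plain HTTP origin; use HTTPS or enable allowInsecureHttp" };
    }
  } else if (url.protocol !== "https:") {
    // javascript:, data:, file: and similar schemes are never redirect targets.
    return { ok: false, reason: `unsupported scheme ${url.protocol}` };
  }
  // Exact origin comparison (scheme, host and port). Prefix or substring
  // matching would accept "https://app.example.com.evil.com" or
  // "https://evil.com/?next=https://app.example.com", so it is avoided.
  const origin = url.origin;
  if (!policy.trustedOrigins.some((t) => t === origin)) {
    return { ok: false, reason: `origin ${origin} is not in the trusted domains list` };
  }
  return { ok: true, origin };
}

// Usage: a production policy parsed from a sample env value, and the same
// allowlist with the HTTP opt-in enabled for a dev box on a public IP.
const prodPolicy = policyFromEnv("https://app.example.com, http://203.0.113.10:3000");
const devPolicy: TrustedDomainPolicy = { ...prodPolicy, allowInsecureHttp: true };
```

With `prodPolicy`, `checkRedirectUrl("http://203.0.113.10:3000/handler", prodPolicy)` fails even though the origin is listed, which matches the behaviour reported in this issue; only `devPolicy` accepts it. Note that the origin includes the port, so a trusted `http://203.0.113.10:3000` does not cover `http://203.0.113.10`.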


4 participants