HTTPS Redirect

RuniqueApp::builder(config)
    .middleware(|m| {
        m.with_csp(|c| {
            c.policy(SecurityPolicy::strict())
             // Enables "upgrade-insecure-requests" in the CSP header
             // + 301 HTTP → HTTPS redirect
             .with_upgrade_insecure(!is_debug())
        })
    })

// Runique must sit behind a reverse proxy (Nginx, Caddy, Railway...)
// that terminates TLS and forwards requests in HTTP.

// The proxy must send the header:
//   X-Forwarded-Proto: https

// Nginx example:
//   proxy_set_header X-Forwarded-Proto $scheme;

// Without a TLS proxy, with_upgrade_insecure(true) has no visible effect.