Codex-generated pull request #3

Open
ctsunny wants to merge 1 commit into main from codex/locate-issue-preventing-button-clicks

@ctsunny (Owner) commented Mar 17, 2026

Codex generated this pull request, but encountered an unexpected error after generation. This is a placeholder PR message.


@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b21c8978ca

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +1565 to +1567
q.Set("gen_cmd", cmd)
}
http.Redirect(w, r, panelPath+"?"+q.Encode(), http.StatusFound)
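Review bot: http.StatusFound on the http.Redirect line leaves the method of the follow-up request loosely defined; if this handler is reached by a form POST, http.StatusSeeOther is the status meant for redirecting to a GET page. Independently of the status, everything set on q before q.Encode() becomes part of the Location URL, so q should hold only values that are safe to appear in a URL.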

P1: Stop exposing init token in redirect query params

In handleGenInstallCmd, the generated shell command (which includes --init-token) is placed into gen_cmd and then sent via 302 query string back to the admin page. That makes the token appear in browser history and typical access logs/proxy logs, so a credential that can authorize new client registration is leaked beyond the page itself. Render this value without putting it in the URL (for example, server-side flash state or direct template render after POST).

Useful? React with 👍 / 👎.

Comment on lines +1555 to +1556
panelURL := fmt.Sprintf("%s://%s", requestScheme(r), r.Host)
cmd := "curl --proto '=https' --tlsv1.2 -fsSL " +
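Review bot: r.Host in the fmt.Sprintf line comes from the request's Host header, which the client chooses, and here it is concatenated into a shell command that an administrator is expected to copy and run. Check it against the panel's configured hostname (or build panelURL from configuration) before it reaches cmd, and reject anything that is not a plain host[:port].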

P2: Generate install URL from canonical external address

The install command now builds --server-url from requestScheme(r) and r.Host, which can be an internal HTTP upstream address when the panel is behind a reverse proxy that does TLS termination or host rewriting without forwarding headers. In that deployment pattern, generated commands point clients to an unreachable/wrong endpoint, whereas the previous browser-side generation used the externally visible URL. Use a canonical configured public URL (or robust forwarded-header parsing) for command generation.

Useful? React with 👍 / 👎.
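Both review suggestions above (render the command in the POST response instead of redirecting with it in the query string, and build the URL from a configured public address rather than r.Host), as an added Go example that is not the repository's code. renderInstallCmd, buildInstallCmd, demo, publicBaseURL, the /install.sh path, the request path and the token value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Assumptions (not from the PR): operator-configured public URL, constructed token, /install.sh path.
const publicBaseURL = "https://panel.example.com"
const initToken = "constructed-token-0123"
var page = template.Must(template.New("cmd").Parse(`<pre id="gen-cmd">{{.}}</pre>`))

// buildInstallCmd uses only configured values; nothing from the request reaches the command.
func buildInstallCmd(base, token string) (string, error) {
	u, err := url.Parse(base)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("public base URL must be an absolute https URL")
	}
	origin := u.Scheme + "://" + u.Host
	return "curl --proto '=https' --tlsv1.2 -fsSL " + origin + "/install.sh | sh -s -- " +
		"--server-url " + origin + " --init-token " + token, nil
}

// renderInstallCmd answers the POST with the page itself: no redirect, no secret in a URL.
func renderInstallCmd(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	cmd, err := buildInstallCmd(publicBaseURL, initToken)
	if err != nil {
		http.Error(w, "panel public URL is misconfigured", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Cache-Control", "no-store") // keep the token out of browser and proxy caches
	_ = page.Execute(w, cmd)                    // html/template escapes the command for HTML
}

// demo sends a POST with the given Host header and returns status, Location and body.
func demo(host string) (int, string, string) {
	req := httptest.NewRequest(http.MethodPost, "/admin/gen-install-cmd", nil)
	req.Host = host // constructed value standing in for an internal upstream address
	rec := httptest.NewRecorder()
	renderInstallCmd(rec, req)
	return rec.Code, rec.Header().Get("Location"), rec.Body.String()
}

func main() { fmt.Println(demo("10.0.0.5:8080")) }
```

The token still appears in the response body, so the page that shows it needs the same authentication and CSRF protection as the rest of the admin panel.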
