Make websocket transport secure by default

2026-02-28 03:52:05 -05:00
parent 46fd9fe46f
commit cf54132c25
6 changed files with 14 additions and 7 deletions
--- a/server/config.example.toml
+++ b/server/config.example.toml
@@ -7,8 +7,8 @@ port = 8765
 [network]
 # Maximum inbound websocket message size in bytes.
 max_message_bytes = 2000000
-# If false, TLS cert and key are required and server runs as wss:// only.
-allow_insecure_ws = true
+# Secure-by-default: TLS is required unless you explicitly set this to true for local/dev.
+allow_insecure_ws = false

 [tls]
 # Required when allow_insecure_ws = false.