Secure web server binding and enforce HTTPS

google-labs-jules[bot] · antarr · google-labs-jules[bot] · commit 059669ab76e1 · 2026-05-08T04:02:16.000Z
- Remove hardcoded insecure HTTP binding to 0.0.0.0:8080 in Program.cs.
- Add app.UseHttpsRedirection() middleware to enforce secure traffic.
- Introduce appsettings.json with secure default Kestrel configuration (localhost only).

Co-authored-by: antarr &lt;974295+antarr@users.noreply.github.com&gt;
diff --git a/Withings.Example/Program.cs b/Withings.Example/Program.cs
@@ -37,6 +37,7 @@
 
 var app = builder.Build();
 
+app.UseHttpsRedirection();
 app.UseSession();
 
 app.MapGet("/", () => Results.Redirect("/api/oauth/authorize", permanent: true));
@@ -201,4 +202,4 @@
     return Results.Json(activity);
 });
 
-app.Run("http://0.0.0.0:8080");
+app.Run();
diff --git a/Withings.Example/appsettings.json b/Withings.Example/appsettings.json
@@ -0,0 +1,12 @@
+{
+  "Kestrel": {
+    "Endpoints": {
+      "Http": {
+        "Url": "http://127.0.0.1:8080"
+      },
+      "Https": {
+        "Url": "https://127.0.0.1:8081"
+      }
+    }
+  }
+}
