From cff68a8cb0a076c14ee510902ffd6c75ee98436f Mon Sep 17 00:00:00 2001
From: Tobias Wilken <tooangel@tooangel.de>
Date: Sat, 14 Feb 2026 07:05:40 +0100
Subject: [PATCH] fix: strip content-encoding headers in proxy to prevent
 decoding errors

Node's fetch() automatically decompresses responses, but the proxy was
forwarding the original content-encoding header. This caused browsers to
attempt double decompression, resulting in ERR_CONTENT_DECODING_FAILED
for larger responses like the repositories endpoint.
---
 server/proxy.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/server/proxy.js b/server/proxy.js
index 14b5591..f47d4f5 100644
--- a/server/proxy.js
+++ b/server/proxy.js
@@ -71,9 +71,18 @@ async function handleProxy(req, res) {
     }
     console.log(`[Proxy] Response status: ${response.status}`);
 
-    // Copy response headers (excluding set-cookie which we handle separately)
+    // Copy response headers, excluding:
+    // - set-cookie: handled separately for auth
+    // - content-encoding: fetch() auto-decompresses, so body is already plain
+    // - content-length: no longer accurate after decompression
+    const skipHeaders = new Set([
+      'set-cookie',
+      'content-encoding',
+      'content-length',
+      'transfer-encoding',
+    ]);
     response.headers.forEach((value, key) => {
-      if (key.toLowerCase() !== 'set-cookie') {
+      if (!skipHeaders.has(key.toLowerCase())) {
         res.setHeader(key, value);
       }
     });