From f9547ffeff90095cd10d74ac64447be5189a6c54 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Mon, 23 Mar 2026 19:02:12 +0800
Subject: [PATCH 1/2] fix

---
 custom/conf/app.example.ini | 9 ++++-----
 modules/setting/server.go   | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 9297f3d062721..29a231f08b9b8 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -69,13 +69,12 @@ RUN_USER = ; git
 ;; Most users should set it to the real website URL of their Gitea instance when there is a reverse proxy.
 ;ROOT_URL =
 ;;
-;; Controls how to detect the public URL.
-;; Although it defaults to "legacy" (to avoid breaking existing users), most instances should use the "auto" behavior,
+;; Controls how to detect the public URL. Most instances should use the "auto" behavior,
 ;; especially when the Gitea instance needs to be accessed in a container network.
-;; * legacy: detect the public URL from "Host" header if "X-Forwarded-Proto" header exists, otherwise use "ROOT_URL".
-;; * auto: always use "Host" header, and also use "X-Forwarded-Proto" header if it exists. If no "Host" header, use "ROOT_URL".
+;; * legacy: (default <= 1.25) detect the public URL from "Host" header if "X-Forwarded-Proto" header exists, otherwise use "ROOT_URL".
+;; * auto: (default >= 1.26) always use "Host" header, and also use "X-Forwarded-Proto" header if it exists. If no "Host" header, use "ROOT_URL".
 ;; * never: always use "ROOT_URL", never detect from request headers.
-;PUBLIC_URL_DETECTION = legacy
+;PUBLIC_URL_DETECTION = auto
 ;;
 ;; For development purpose only. It makes Gitea handle sub-path ("/sub-path/owner/repo/...") directly when debugging without a reverse proxy.
 ;; DO NOT USE IT IN PRODUCTION!!!
diff --git a/modules/setting/server.go b/modules/setting/server.go
index 7e7611b802d8d..f0fbbce970a4c 100644
--- a/modules/setting/server.go
+++ b/modules/setting/server.go
@@ -286,7 +286,7 @@ func loadServerFrom(rootCfg ConfigProvider) {
 
 	defaultAppURL := string(Protocol) + "://" + Domain + ":" + HTTPPort
 	AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL)
-	PublicURLDetection = sec.Key("PUBLIC_URL_DETECTION").MustString(PublicURLLegacy)
+	PublicURLDetection = sec.Key("PUBLIC_URL_DETECTION").MustString(PublicURLAuto)
 	if PublicURLDetection != PublicURLAuto && PublicURLDetection != PublicURLLegacy && PublicURLDetection != PublicURLNever {
 		log.Fatal("Invalid PUBLIC_URL_DETECTION value: %s", PublicURLDetection)
 	}

From eefaea66104d88a68a0ce497a00d8cc81f04ce40 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Mon, 23 Mar 2026 19:37:27 +0800
Subject: [PATCH 2/2] fix test

---
 routers/web/admin/admin_test.go | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/routers/web/admin/admin_test.go b/routers/web/admin/admin_test.go
index a568c7c5c8186..ecdd462f9e735 100644
--- a/routers/web/admin/admin_test.go
+++ b/routers/web/admin/admin_test.go
@@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/services/contexttest"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestShadowPassword(t *testing.T) {
@@ -74,19 +75,29 @@ func TestShadowPassword(t *testing.T) {
 }
 
 func TestSelfCheckPost(t *testing.T) {
+	defer test.MockVariableValue(&setting.PublicURLDetection)()
 	defer test.MockVariableValue(&setting.AppURL, "http://config/sub/")()
 	defer test.MockVariableValue(&setting.AppSubURL, "/sub")()
 
-	ctx, resp := contexttest.MockContext(t, "GET http://host/sub/admin/self_check?location_origin=http://frontend")
-	SelfCheckPost(ctx)
-	assert.Equal(t, http.StatusOK, resp.Code)
-
 	data := struct {
 		Problems []string `json:"problems"`
 	}{}
-	err := json.Unmarshal(resp.Body.Bytes(), &data)
-	assert.NoError(t, err)
+
+	setting.PublicURLDetection = setting.PublicURLLegacy
+	ctx, resp := contexttest.MockContext(t, "GET http://host/sub/admin/self_check?location_origin=http://frontend")
+	SelfCheckPost(ctx)
+	assert.Equal(t, http.StatusOK, resp.Code)
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &data))
 	assert.Equal(t, []string{
 		ctx.Locale.TrString("admin.self_check.location_origin_mismatch", "http://frontend/sub/", "http://config/sub/"),
 	}, data.Problems)
+
+	setting.PublicURLDetection = setting.PublicURLAuto
+	ctx, resp = contexttest.MockContext(t, "GET http://host/sub/admin/self_check?location_origin=http://frontend")
+	SelfCheckPost(ctx)
+	assert.Equal(t, http.StatusOK, resp.Code)
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &data))
+	assert.Equal(t, []string{
+		ctx.Locale.TrString("admin.self_check.location_origin_mismatch", "http://frontend/sub/", "http://host/sub/"),
+	}, data.Problems)
 }