From f3e30a68d6aa82a0fc7b22772e13aedb3c8ac8c5 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Sun, 4 Jan 2026 10:34:08 -0800
Subject: [PATCH] Enforce wss for api key

---
 src/widgets/truenas/proxy.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/widgets/truenas/proxy.js b/src/widgets/truenas/proxy.js
index 8bbf1b080..71f50fa9f 100644
--- a/src/widgets/truenas/proxy.js
+++ b/src/widgets/truenas/proxy.js
@@ -138,8 +138,9 @@ export default async function truenasProxyHandler(req, res, map) {
 
     try {
       let data;
-      const wsUrl = new URL(formatApiCall(widgets?.[widget.type]?.wsAPI, { ...widget }));
-      wsUrl.protocol = wsUrl.protocol === "https:" ? "wss:" : "ws:";
+      const wsUrl = new URL(formatApiCall(widgets[widget.type].wsAPI, { ...widget }));
+      const useSecure = wsUrl.protocol === "https:" || Boolean(widget.key); // API key requires secure connection
+      wsUrl.protocol = useSecure ? "wss:" : "ws:";
       logger.info("Connecting to TrueNAS websocket at %s", wsUrl);
       const ws = new WebSocket(wsUrl, { rejectUnauthorized: false });