From 89272afc17edcda0c4ab0e64ad54ba9997650915 Mon Sep 17 00:00:00 2001
From: Warren Chen <minchen898@gmail.com>
Date: Thu, 2 Apr 2026 02:41:46 +0900
Subject: [PATCH] Allow disabling HTTPS redirection via configuration

---
 src/SendEngine.Api/Program.cs | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/SendEngine.Api/Program.cs b/src/SendEngine.Api/Program.cs
index dc7b15e..5ec5ce3 100644
--- a/src/SendEngine.Api/Program.cs
+++ b/src/SendEngine.Api/Program.cs
@@ -33,6 +33,9 @@ if (string.IsNullOrWhiteSpace(jwtAuthority) &&
 }
 var signingKey = builder.Configuration["Jwt:SigningKey"];
 var useOidcJwks = !string.IsNullOrWhiteSpace(jwtAuthority) || !string.IsNullOrWhiteSpace(jwtMetadataAddress);
+var expectedIssuer = builder.Configuration["Jwt:Issuer"];
+var expectedAudience = builder.Configuration["Jwt:Audience"];
+var requireHttpsMetadata = builder.Configuration.GetValue("Jwt:RequireHttpsMetadata", false);
 
 if (!useOidcJwks && string.IsNullOrWhiteSpace(signingKey))
 {
@@ -44,10 +47,6 @@ if (!useOidcJwks && string.IsNullOrWhiteSpace(signingKey))
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddJwtBearer(options =>
     {
-        var expectedIssuer = builder.Configuration["Jwt:Issuer"];
-        var expectedAudience = builder.Configuration["Jwt:Audience"];
-        var requireHttpsMetadata = builder.Configuration.GetValue("Jwt:RequireHttpsMetadata", false);
-
         if (useOidcJwks)
         {
             if (!string.IsNullOrWhiteSpace(jwtAuthority))
@@ -127,7 +126,12 @@ if (app.Environment.IsDevelopment())
     app.UseSwaggerUI();
 }
 
-app.UseHttpsRedirection();
+var enableHttpsRedirection = builder.Configuration.GetValue("HttpsRedirection:Enabled", true);
+if (enableHttpsRedirection)
+{
+    app.UseHttpsRedirection();
+}
+
 app.UseAuthentication();
 app.UseAuthorization();
 app.Use(async (context, next) =>