marktvogt.de/web/serve.ts

import rawDeployConfig from './.deno-deploy/deploy.json' with { type: 'json' };
import rawSvelteData from './.deno-deploy/svelte.json' with { type: 'json' };
import { prepareServer } from './.deno-deploy/handler.ts';

const port = Number(Deno.env.get('PORT') ?? 8000);
const hostname = Deno.env.get('HOST') ?? '0.0.0.0';

const baseHandler = prepareServer(rawSvelteData, rawDeployConfig, Deno.cwd());

// Behind a TLS-terminating gateway the inbound request to the pod is plain
// HTTP, so req.url has scheme http and event.url.origin = http://marktvogt.de.
// SvelteKit's event.fetch then sets Origin: http://... on outbound calls,
// which the backend's CORS allowlist rejects.
//
// @deno/svelte-adapter 0.1.1 doesn't honor ORIGIN env or X-Forwarded-Proto on
// its own (unlike adapter-node), so we rewrite the request scheme here based
// on the trusted X-Forwarded-Proto header from the cluster ingress.
const handler: Deno.ServeHandler = (req, info) => {
	const forwardedProto = req.headers.get('x-forwarded-proto');
	if (forwardedProto) {
		const url = new URL(req.url);
		const scheme = forwardedProto.split(',')[0].trim();
		if (scheme && `${scheme}:` !== url.protocol) {
			url.protocol = `${scheme}:`;
			req = new Request(url.toString(), req);
		}
	}
	return baseHandler(req, info);
};

Deno.serve({ port, hostname }, handler);