Fix short URL redirect when PATH_INFO is empty string

.github/workflows/docker.yml

@@ -7,10 +7,12 @@ on:
 
 env:
   IMAGE_NAME: xmrpay
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    environment: DOCKER
     permissions:
       contents: read
       packages: write

README.md

@@ -145,7 +145,7 @@ xmrpay.link/
 ## Self-Hosting
 
 ```bash
-git clone https://gitea.schmidt.eco/schmidt1024/xmrpay.link.git
+git clone https://github.com/schmidt1024/xmrpay.git
 cd xmrpay.link
 # Serve with any web server that supports PHP
 # No build tools, no npm, no database required

api/_helpers.php

@@ -14,13 +14,19 @@ function send_security_headers(): void {
 
 // ── Origin verification ───────────────────────────────────────────────────────
 function verify_origin(): void {
-    $allowed = [
-        'https://xmrpay.link',
-        'http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion',
-    ];
     $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
     // Allow same-origin (no Origin header from direct same-origin requests)
     if ($origin === '') return;
+
+    // Dynamically allow the host this instance runs on
+    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
+    $self_origin = $scheme . '://' . ($_SERVER['HTTP_HOST'] ?? '');
+
+    $allowed = [
+        $self_origin,
+        'https://xmrpay.link',
+        'http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion',
+    ];
     if (!in_array($origin, $allowed, true)) {
         http_response_code(403);
         echo json_encode(['error' => 'Origin not allowed']);

i18n.js

@@ -13,7 +13,7 @@ var I18n = (function () {
 
   var VERSION = '1.0.0';
 
-  var footer = 'Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v' + VERSION + '</span>';
+  var footer = 'Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v' + VERSION + '</span>';
 
   var translations = {
     en: {

index.html

@@ -115,7 +115,7 @@
   </main>
 
   <footer>
-    <p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v1.0.0</span></p>
+    <p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC<br /><a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a><br /><span class="version">v1.0.0</span></p>
   </footer>
 
   <div class="lang-picker" id="langPicker">

install.sh

@@ -7,7 +7,7 @@ set -e
 DOMAIN="${1:-}"
 INSTALL_DIR="/opt/xmrpay"
 IMAGE="schmidt1024/xmrpay:latest"
-COMPOSE_URL="https://raw.githubusercontent.com/schmidt1024/xmrpay.link/master/docker-compose.yml"
+COMPOSE_URL="https://raw.githubusercontent.com/schmidt1024/xmrpay/master/docker-compose.yml"
 
 # ── Helpers ───────────────────────────────────────────────────────────────────
 

privacy.html

@@ -198,7 +198,7 @@
   </main>
 
   <footer>
-    <p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://gitea.schmidt.eco/schmidt1024/xmrpay.link" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a></p>
+    <p data-i18n-html="footer">Open Source &middot; No Tracking &middot; No KYC &middot; <a href="https://github.com/schmidt1024/xmrpay" target="_blank" rel="noopener noreferrer">Source</a> &middot; <a href="http://mc6wfeaqc7oijgdcudrr5zsotmwok3jzk3tu2uezzyjisn7nzzjjizyd.onion" title="Tor Hidden Service">Onion</a> &middot; <a href="/privacy.html">Privacy &amp; Terms</a></p>
   </footer>
 
   <div class="lang-picker" id="langPicker">

s.php

@@ -1,5 +1,5 @@
 <?php
-$pathInfo = isset($_SERVER['PATH_INFO']) && is_string($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : null;
+$pathInfo = isset($_SERVER['PATH_INFO']) && is_string($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] !== '' ? $_SERVER['PATH_INFO'] : null;
 $queryCode = isset($_GET['c']) && is_string($_GET['c']) ? $_GET['c'] : '';
 $code = trim($pathInfo ?? $queryCode, '/');