sveltejs/kit

[adapter-node] Post request is denied in local environment.

basuke opened this issue · 2 comments

Describe the bug

When running the Node application in a local environment, POST requests such as form actions are not allowed in the adapter-node environment. The error is a 403 with the following response.

{"message":"Cross-site POST form submissions are forbidden"}

Reproduction

Steps:

  1. Create the SvelteKit demo project with npm create
  2. cd to the dir, npm install, add adapter-node.
  3. Change the adapter to adapter-node in svelte.config.js
  4. npm build
  5. Run node build/
  6. Go to Sverdle and post something. No answer is posted, and an error message appears in the dev tools' network tab.

Logs

No response

System Info

System:
    OS: macOS 13.4
    CPU: (8) arm64 Apple M1
    Memory: 71.75 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 16.17.1 - ~/.nvm/versions/node/v16.17.1/bin/node
    Yarn: 1.22.19 - ~/.nvm/versions/node/v16.17.1/bin/yarn
    npm: 9.6.7 - ~/.nvm/versions/node/v16.17.1/bin/npm
  Browsers:
    Chrome: 114.0.5735.106
    Firefox Developer Edition: 109.0
    Safari: 16.5
  npmPackages:
    @sveltejs/adapter-auto: ^2.0.0 => 2.1.0 
    @sveltejs/adapter-node: ^1.2.4 => 1.2.4 
    @sveltejs/kit: ^1.5.0 => 1.20.2 
    svelte: ^3.54.0 => 3.59.1 
    vite: ^4.3.0 => 4.3.9

Severity

serious, but I can work around it

Additional Information

The request.url should be http://localhost:3000/sverdle?/enter, but the protocol is actually https. The comparison with origin.url, which is http://localhost:3000, failed, and the request is denied with a 403 error.

This is the intended behavior. See https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocol-header-and-host-header - the Node adapter by default assumes that your production app is behind an HTTPS proxy, but it can be configured to assume a different origin.

Makes sense. Thanks.
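
The origin mismatch discussed in this thread, as an added example that is not part of the original issue and is not SvelteKit's own source. It is a simplified model: the function names and the sample requests are constructed, and only the `ORIGIN`, `PROTOCOL_HEADER` and `HOST_HEADER` variables come from the linked adapter-node documentation.

```javascript
// Simplified model of the check behind the 403 in this thread (not SvelteKit
// source). Function names and the sample request are constructed for illustration.
const FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

// The server's view of its own origin. With neither ORIGIN nor
// PROTOCOL_HEADER set, the protocol falls back to https.
function resolveOrigin(env, headers) {
  if (env.ORIGIN) return env.ORIGIN;
  const protocolHeader = (env.PROTOCOL_HEADER || '').toLowerCase();
  const hostHeader = (env.HOST_HEADER || 'host').toLowerCase();
  const protocol = (protocolHeader && headers[protocolHeader]) || 'https';
  return `${protocol}://${headers[hostHeader]}`;
}

// A form POST is rejected when the browser's Origin header differs from the
// origin the server resolved for itself (POST only: the case in this thread).
function checkFormPost(env, req) {
  const type = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  const serverOrigin = resolveOrigin(env, req.headers);
  const isFormPost = req.method === 'POST' && FORM_TYPES.includes(type);
  if (isFormPost && req.headers.origin !== serverOrigin) {
    const message = `Cross-site ${req.method} form submissions are forbidden`;
    return { status: 403, serverOrigin, message };
  }
  return { status: 200, serverOrigin };
}

// Constructed request: the Sverdle form posted from a browser to plain-HTTP localhost.
const localPost = {
  method: 'POST',
  headers: {
    host: 'localhost:3000',
    origin: 'http://localhost:3000',
    'content-type': 'application/x-www-form-urlencoded'
  }
};

// Default configuration versus an explicit ORIGIN for local runs.
for (const env of [{}, { ORIGIN: 'http://localhost:3000' }]) {
  const result = checkFormPost(env, localPost);
  console.log(JSON.stringify(env), '->', result.status, result.serverOrigin);
}
```

Setting `PROTOCOL_HEADER` or `HOST_HEADER` makes the server derive its origin from request headers, so that option belongs only behind a reverse proxy that overwrites those headers; for a local run, a fixed `ORIGIN` is the narrower choice.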