Improve some front end views. More descriptive error condition reporting. Updates to CLINCH_HOST for better WEBAUTHN

app/controllers/api/csp_controller.rb

@@ -10,6 +10,13 @@ module Api
       report_data = JSON.parse(request.body.read)
       csp_report = report_data['csp-report']
 
+      # Validate that we have a proper CSP report
+      unless csp_report.is_a?(Hash) && csp_report.present?
+        Rails.logger.warn "Received empty or invalid CSP violation report"
+        head :bad_request
+        return
+      end
+
       # Log the violation for security monitoring
       Rails.logger.warn "CSP Violation Report:"
       Rails.logger.warn "  Blocked URI: #{csp_report['blocked-uri']}"

app/controllers/api/forward_auth_controller.rb

@@ -221,7 +221,9 @@ module Api
 
       # Try CLINCH_HOST environment variable first
       if ENV['CLINCH_HOST'].present?
-        "https://#{ENV['CLINCH_HOST']}"
+        host = ENV['CLINCH_HOST']
+        # Ensure URL has https:// protocol
+        host.match?(/^https?:\/\//) ? host : "https://#{host}"
       else
         # Fallback to the request host
         request_host = request.host || request.headers['X-Forwarded-Host']