Remove handler-level `trusted_proxies` configuration from ReverseProxyHandler that was
using an invalid object structure. Caddy's reverse_proxy handler expects trusted_proxies
to be an array of CIDR strings, not an object with {source, ranges}.
The server-level trusted_proxies configuration in config.go already provides equivalent
IP spoofing protection globally for all routes, making the handler-level setting redundant.
Changes:
- backend: Remove lines 184-189 from internal/caddy/types.go
- backend: Update 3 unit tests to remove handler-level trusted_proxies assertions
- docs: Document fix in CHANGELOG.md
Fixes: #[issue-number] (500 error when saving proxy hosts)
Tests: All 84 backend tests pass (84.6% coverage)
Security: Trivy + govulncheck clean, no vulnerabilities
- Updated the critical bug analysis document to reflect the root cause of the 500 error during proxy host save, which was identified as an invalid structure for `trusted_proxies` in the Caddy configuration.
- Removed the handler-level `trusted_proxies` configuration that was incorrectly set as an object instead of an array.
- Added detailed evidence analysis, root cause analysis, and proposed fixes to ensure proper regeneration of Caddy configuration after proxy host updates.
- Created a new document to summarize the previous investigation into the missing `X-Forwarded-Port` header in the Seerr SSO authentication flow.
