Description
reflection.js currently has an AWS IP address hardcoded for its backend communication, and it is using plain HTTP.
Because this is hardcoded, it exposes the internal infrastructure explicitly to clients. More importantly, using http:// instead of https:// makes network traffic (including project code sent to the /projectcode, /chat, and /analysis endpoints) vulnerable to Man-in-the-Middle (MITM) interception.
File Location:
js/widgets/reflection.js (around line 106)
// Currently hardcoded to AWS IP
this.PORT = "http://3.105.177.138:8000";
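One way to address both points, as an added example that is not the project's own code: take the backend base URL from deployment configuration and refuse cleartext HTTP before any request to `/projectcode`, `/chat`, or `/analysis` is built. The function names, the loopback exception for local development, and the `example.org` host are assumptions made for illustration.

```javascript
// Added example: resolveBackendUrl, endpointUrl and the constants below are
// hypothetical names, not identifiers from reflection.js.
const REFLECTION_ENDPOINTS = ["/projectcode", "/chat", "/analysis"];
// Assumption: plain HTTP is tolerated only when talking to the local machine.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

/**
 * Validate a backend base URL supplied by deployment configuration.
 * Returns the normalized origin (scheme + host + port; any path is dropped),
 * or throws if project code would travel over cleartext HTTP to a remote host.
 */
function resolveBackendUrl(configured) {
    if (typeof configured !== "string" || configured.trim() === "") {
        throw new Error("Reflection backend URL is not configured");
    }
    let url;
    try {
        url = new URL(configured.trim());
    } catch (e) {
        throw new Error("Reflection backend URL is not a valid absolute URL");
    }
    if (url.username || url.password) {
        throw new Error("Credentials must not be embedded in the backend URL");
    }
    const origin = url.protocol + "//" + url.host;
    if (url.protocol === "https:") {
        return origin;
    }
    if (url.protocol === "http:" && LOOPBACK_HOSTS.has(url.hostname)) {
        return origin; // local development only
    }
    throw new Error("Refusing non-HTTPS reflection backend: " + origin);
}

/** Build the full URL for one of the widget's known backend endpoints. */
function endpointUrl(base, path) {
    if (!REFLECTION_ENDPOINTS.includes(path)) {
        throw new Error("Unknown reflection endpoint: " + path);
    }
    return new URL(path, resolveBackendUrl(base)).toString();
}
```

With this check in place, the value currently assigned to `this.PORT` is rejected at startup instead of silently sending project code over HTTP.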