Fix CSRF 403 error when logging in behind Cloudflare/Traefik proxy

Force nginx X-Forwarded-Proto default to https since all traffic arrives through Cloudflare. The proxy chain was setting it to http, causing CSRF token origin mismatch. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 01:29:38 +00:00 · 2026-02-10 01:29:38 +00:00 · 2d64af148e
parent efac8782ac
commit 2d64af148e
1 changed files with 4 additions and 0 deletions
--- a/app.yml
+++ b/app.yml
@ -71,6 +71,10 @@ hooks:
 ## Memory limit: 2GB container + 2GB swap
 run:
  - exec: echo "Beginning of custom commands"
+  ## Fix CSRF issues behind Cloudflare/Traefik reverse proxy chain.
+  ## Force X-Forwarded-Proto to always be https since all external traffic comes via Cloudflare.
+  - exec:
+      cmd: sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf

 ## Traefik integration labels
 labels: