jeffemmett
/
cadcad-discourse-forum
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CSRF 403 error when logging in behind Cloudflare/Traefik proxy 

Force nginx X-Forwarded-Proto default to https since all traffic
arrives through Cloudflare. The proxy chain was setting it to http,
causing CSRF token origin mismatch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jeff Emmett 2026-02-10 01:29:38 +00:00
parent efac8782ac
commit 2d64af148e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app.yml
View File

@ -71,6 +71,10 @@ hooks:
## Memory limit: 2GB container + 2GB swap ## Memory limit: 2GB container + 2GB swap
run: run:
- exec: echo "Beginning of custom commands" - exec: echo "Beginning of custom commands"
## Fix CSRF issues behind Cloudflare/Traefik reverse proxy chain.
## Force X-Forwarded-Proto to always be https since all external traffic comes via Cloudflare.
- exec:
cmd: sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf
## Traefik integration labels ## Traefik integration labels
labels: labels: