Fix CSRF 403 behind Cloudflare tunnel — add X-Forwarded-Proto header via Traefik middleware

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 18:34:48 -07:00 · 2026-02-21 18:34:48 -07:00 · 522340507a
parent c4ac33bd7c
commit 522340507a
1 changed files with 3 additions and 0 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -76,6 +76,9 @@ services:
      # Main router (via Cloudflare tunnel → port 80)
      - "traefik.http.routers.rfiles.rule=Host(`rfiles.online`) || Host(`www.rfiles.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rfiles.online`)"
      - "traefik.http.routers.rfiles.entrypoints=web"
+      # Pass X-Forwarded-Proto so Django CSRF works behind Cloudflare tunnel
+      - "traefik.http.middlewares.rfiles-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.rfiles.middlewares=rfiles-headers"
      # Direct upload router (bypasses Cloudflare, TLS via Let's Encrypt)
      - "traefik.http.routers.rfiles-direct.rule=Host(`direct.rfiles.online`)"
      - "traefik.http.routers.rfiles-direct.entrypoints=websecure"