jeffemmett
/
rfiles-online
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CSRF 403 behind Cloudflare tunnel — add X-Forwarded-Proto header via Traefik middleware 

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jeff Emmett 2026-02-21 18:34:48 -07:00
parent c4ac33bd7c
commit 522340507a
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker-compose.prod.yml
View File

@ -76,6 +76,9 @@ services:
# Main router (via Cloudflare tunnel → port 80) # Main router (via Cloudflare tunnel → port 80)
- "traefik.http.routers.rfiles.rule=Host(`rfiles.online`) || Host(`www.rfiles.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rfiles.online`)" - "traefik.http.routers.rfiles.rule=Host(`rfiles.online`) || Host(`www.rfiles.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rfiles.online`)"
- "traefik.http.routers.rfiles.entrypoints=web" - "traefik.http.routers.rfiles.entrypoints=web"
# Pass X-Forwarded-Proto so Django CSRF works behind Cloudflare tunnel
- "traefik.http.middlewares.rfiles-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.rfiles.middlewares=rfiles-headers"
# Direct upload router (bypasses Cloudflare, TLS via Let's Encrypt) # Direct upload router (bypasses Cloudflare, TLS via Let's Encrypt)
- "traefik.http.routers.rfiles-direct.rule=Host(`direct.rfiles.online`)" - "traefik.http.routers.rfiles-direct.rule=Host(`direct.rfiles.online`)"
- "traefik.http.routers.rfiles-direct.entrypoints=websecure" - "traefik.http.routers.rfiles-direct.entrypoints=websecure"