-
Emanuele Aina authored
In production the application is currently run behind a TLS-terminating nginx proxy which forces the `Host` header and sets the `X-Forwarded-For` and `X-Forwarded-Proto` headers. However, nothing on the application side handles the `X-Forwarded-*` headers, causing authentication against GitLab through OAUth2 to fail since the generated callback URL uses plain `http://` while OAuth2 requires it to be `https://` , yielding the `The redirect URI included is not valid` error message. This adds a `PROXY_COUNT` environment variable to be set to the number of trusted proxies in front of the application. It defaults to zero to to avoid issues if malicious actors set the headers above in a non-proxied setup. Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
75b6f9ca