Skip to content
  • Emanuele Aina's avatar
    Fix HTTPS detection when running behind a proxy · 75b6f9ca
    Emanuele Aina authored
    In production the application is currently run behind a TLS-terminating nginx
    proxy which forces the `Host` header and sets the `X-Forwarded-For` and
    `X-Forwarded-Proto` headers.
    
    However, nothing on the application side handles the `X-Forwarded-*` headers,
    causing authentication against GitLab through OAUth2 to fail since the
    generated callback URL uses plain `http://` while OAuth2 requires it to
    be `https://`
    
    , yielding the `The redirect URI included is not valid`
    error message.
    
    This adds a `PROXY_COUNT` environment variable to be set to the number of
    trusted proxies in front of the application. It defaults to zero to to avoid
    issues if malicious actors set the headers above in a non-proxied setup.
    
    Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
    75b6f9ca