FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

[Bug]: If only X-Forwarded-Proto is missing the proxy warning may incorrectly include X-Forwarded-Port #2702

Closed robotdan closed 5 months ago

robotdan commented 6 months ago

What happened?

Issue 1

When using FusionAuth behind a proxy, you'll need to add various headers including X-Forwarded-Proto, X-Forwarded-Port and X-Forwarded-Host respectively depending upon your configuration.

If you are missing X-Forwarded-Proto the proxy warning in the admin UI may incorrectly report you are missing X-Forwarded-Port.

This is not functionally a problem, but it may be confusing for the user.

Issue 2

Not all proxies will add X-Forwarded-Port, some will only add X-Forwarded-Proto and assume you can infer the port when the value is https.

Others may add the port to the X-Forwarded-Host header and not add a discrete value for X-Forwarded-Port.

Cover these cases in the proxy test and the CSRF validation to behave better with more proxies w/out additional configuration.

Version

1.49.0

Affects Versions

All
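The header cases described in this issue, as an added example that is not part of the issue and is not FusionAuth's code: it resolves the forwarded origin with the port taken from X-Forwarded-Port, else from X-Forwarded-Host, else inferred from X-Forwarded-Proto, reports only the headers that are actually missing, and compares the result to the browser's Origin header. The function names, the precedence order and the sample host are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def split_host_port(value):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port or None)."""
    value = value.strip().lower()
    if value.startswith("["):  # bracketed IPv6 literal
        host, _, rest = value[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    else:
        host, _, port = value.partition(":")
    return host, int(port) if port.isdecimal() else None


def forwarded_origin(headers):
    """Return ((scheme, host, port), missing_header_names)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    proto = h.get("x-forwarded-proto", "").lower()
    host, host_port = split_host_port(h.get("x-forwarded-host", ""))
    explicit = h.get("x-forwarded-port", "")
    # Assumed precedence: X-Forwarded-Port, then a port inside X-Forwarded-Host,
    # then the default port for the forwarded scheme.
    port = int(explicit) if explicit.isdecimal() else host_port or DEFAULT_PORTS.get(proto)
    # X-Forwarded-Port is optional here, so it is never reported as missing.
    missing = []
    if proto not in DEFAULT_PORTS:
        missing.append("X-Forwarded-Proto")
    if not host:
        missing.append("X-Forwarded-Host")
    return (proto, host, port), missing


def origin_matches(origin, headers):
    """CSRF-style check: does the Origin header equal the forwarded origin?"""
    expected, missing = forwarded_origin(headers)
    if missing:
        return False  # fail closed when the proxy configuration is incomplete
    try:
        o = urlsplit(origin)
        actual = (o.scheme, o.hostname or "", o.port or DEFAULT_PORTS.get(o.scheme))
    except ValueError:  # malformed port or host in the Origin value
        return False
    return actual == expected
```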

robotdan commented 6 months ago

Internal: