What happened?
Issue 1
When using FusionAuth behind a proxy, you'll need to add various headers including X-Forwarded-Proto, X-Forwarded-Port and X-Forwarded-Host respectively depending upon your configuration.
If you are missing X-Forwarded-Proto the proxy warning in the admin UI may incorrectly report you are missing X-Forwarded-Port.
This is not functionally a problem, but it may be confusing for the user.
Issue 2
Not all proxies will add X-Forwarded-Port, some will only add X-Forwarded-Proto and assume you can infer the port when the value is https.
Others may add the port to the X-Forwarded-Host header and not add a discrete value for X-Forwarded-Port.
Cover these cases in the proxy test and the CSRF validation to behave better with more proxies w/out additional configuration.
Version
1.49.0
Affects Versions
All
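
The fallback described in Issue 2, sketched as an added example (not FusionAuth's code): resolve the effective port from X-Forwarded-Port, then from a port embedded in X-Forwarded-Host, then from the X-Forwarded-Proto default, and compare the result against the browser's Origin header. The precedence order, the function names and the example.com hosts used to exercise it are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: these headers were set by a trusted proxy that strips any
# client-supplied copies; otherwise the resolved origin is attacker-controlled.
DEFAULT_PORTS = {"http": 80, "https": 443}

def _first(value):
    # Chained proxies may send a comma-separated list; use the first entry.
    return value.split(",")[0].strip() if value else ""

def _split_host_port(host):
    # Returns (hostname, port or None); handles bracketed IPv6 like "[::1]:8443".
    if host.startswith("["):
        name, _, rest = host[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
        return name.lower(), int(port) if port.isdigit() else None
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        return name.lower(), int(port)
    return host.lower(), None

def resolve_forwarded_origin(headers):
    """Return (scheme, host, port), or None if proto or host is missing."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = _first(h.get("x-forwarded-proto")).lower()
    host, host_port = _split_host_port(_first(h.get("x-forwarded-host")))
    if scheme not in DEFAULT_PORTS or not host:
        return None
    explicit = _first(h.get("x-forwarded-port"))
    if explicit.isdigit():
        port = int(explicit)            # discrete X-Forwarded-Port wins
    elif host_port is not None:
        port = host_port                # port carried in X-Forwarded-Host
    else:
        port = DEFAULT_PORTS[scheme]    # inferred from X-Forwarded-Proto
    return scheme, host, port

def origin_matches(origin_header, headers):
    """CSRF-style check: does the browser's Origin equal the forwarded origin?"""
    resolved = resolve_forwarded_origin(headers)
    if resolved is None:
        return False
    try:
        o = urlsplit(origin_header)
        o_port = o.port or DEFAULT_PORTS.get(o.scheme)
    except ValueError:
        return False
    return (o.scheme, (o.hostname or "").lower(), o_port) == resolved
```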