Open privacyguard opened 1 month ago
Thanks for the bug report.
There is an effort being made to actually also redo the whole docker setup, see PR: https://github.com/MbinOrg/mbin/pull/1085 (still a draft, and taken over from somebody else who left).
It's advised for now to use a bare metal setup if possible.
We uncommented the x-forwarded-proto trusted header from config/packages/framework.yaml
Uncommented? You mean commented (so removing x-forwarded-proto as a trusted header)?
Thanks. Yes we meant "commented out" not "uncommented". Edited.
Describe the bug
After upgrading to 1.7.1, SSO logins on our production environment started failing due to a wrong redirect_uri. The HTTP schema in the redirect_uri started getting set to HTTP instead of HTTPS. This is related to the TRUSTED_PROXIES configuration.
We made sure the environment variable was set correctly (as described in the docker setup documentation):
Our reverse proxy was correctly adding the x-forwarded-proto header but the header seemed to be getting lost somewhere. It is possible that the docker/caddy/Caddyfile might be missing the trusted_proxies option for the reverse proxy header to be considered.
Temporary Workaround
We commented out the x-forwarded-proto trusted header from config/packages/framework.yaml
Related PRs
Which Mbin version was running on the instance?
1.7.1
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The redirect_uri schema should remain https based on the "HTTPS=TRUE" environment variable in docker compose.
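A simplified model of the proxy chain this report describes, added here as an example; it is not Mbin, Caddy or Symfony code. It shows how an inner proxy that does not trust the edge proxy overwrites x-forwarded-proto, and how that changes the scheme of the redirect_uri. The IP ranges, the example.test host, the /sso/callback path and the use of server_scheme="https" to stand in for the HTTPS=TRUE setting are all assumptions.

```python
import ipaddress

def is_trusted(peer_ip, trusted_cidrs):
    """True when peer_ip falls inside any of the trusted CIDR ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(c) for c in trusted_cidrs)

def proxy_hop(headers, peer_ip, listener_scheme, trusted_cidrs):
    """Intermediate proxy: keep x-forwarded-proto only when it comes from a
    trusted peer, otherwise overwrite it with the scheme this hop received.
    Dropping untrusted values is what stops clients from spoofing the header."""
    out = dict(headers)
    if not (is_trusted(peer_ip, trusted_cidrs) and "x-forwarded-proto" in headers):
        out["x-forwarded-proto"] = listener_scheme
    return out

def app_scheme(headers, peer_ip, trusted_cidrs, trusted_headers, server_scheme):
    """Application: honour the header only when the peer is a trusted proxy AND
    the header is on the trusted-header list; else use the server's own scheme."""
    if is_trusted(peer_ip, trusted_cidrs) and "x-forwarded-proto" in trusted_headers:
        return headers.get("x-forwarded-proto", server_scheme)
    return server_scheme

def redirect_uri(inner_trusted, app_trusted_headers):
    """Constructed topology:
    edge proxy 10.0.0.5 (terminates TLS) -> inner proxy 172.18.0.2 (plain HTTP) -> app."""
    edge_out = {"x-forwarded-proto": "https"}            # set by the edge proxy
    inner_out = proxy_hop(edge_out, "10.0.0.5", "http", inner_trusted)
    scheme = app_scheme(
        inner_out,
        peer_ip="172.18.0.2",
        trusted_cidrs=["172.18.0.0/16"],                 # app trusts the inner proxy
        trusted_headers=app_trusted_headers,
        server_scheme="https",                           # assumption: HTTPS=TRUE
    )
    return f"{scheme}://example.test/sso/callback"       # hypothetical callback path

if __name__ == "__main__":
    # Reported failure: inner proxy has no trusted_proxies, app trusts the header.
    print(redirect_uri([], ["x-forwarded-proto"]))
    # Inner proxy trusts the edge proxy's range: the https value survives.
    print(redirect_uri(["10.0.0.0/8"], ["x-forwarded-proto"]))
    # Reported workaround: header removed from the app's trusted-header list.
    print(redirect_uri([], []))
```
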