Closed MCOfficer closed 3 years ago
If AllTube is behind a reverse-proxy, it might not be able to detect that the original connection uses HTTPS. In this case, your reverse-proxy needs to set this header:
X-Forwarded-Proto: https
If AllTube is behind a reverse-proxy, it might not be able to detect that the original connection uses HTTPS. In this case, your reverse-proxy needs to set this header:
X-Forwarded-Proto: https
Yes, that did the trick, thank you!
I wasn't aware alltube also supports the X-Forwarded-Proto header. Could you please add this to the README? I can also open a PR if need be.
A PR would be welcome :slightly_smiling_face:
New issue
Your environment
Please answer these questions when reporting a new issue:
What is your operating system (Windows, Linux, OSX, etc.)?
Linux
What is your web server (Apache, IIS, etc.)?
Nginx as reverse proxy in front, your dockerized apache-based alltube behind it.
What version of AllTube are you using?
a8cc79a82c556d3ee36d8fd93bccdf064cf4bea8c09ce65ad0f60d9017dc5fc6 on docker hub, not sure how to find the program version. I'm assuming that's 3.0.0.
How did you install AllTube (with Git or with a release package)?
Pulled from docker hub, via docker-compose.
What version of PHP are you using?
whatever's in the image.
What version of Python are you using?
\^
What version of youtube-dl are you using?
\^
Do you get any PHP-related errors in your webserver's logs?
No.
What is the content of your
config/config.yml
file?the issue is reproducible without any config file, so whatever alltube's defaults are.
Please provide the URL of a video that causes the issue.
/
Describe your issue
I have AllTube set up as docker container behind an nginx reverse proxy, which also handles HTTPS. HTTP is permitted, but redirected to HTTPS. The communication between nginx and the alltube container is http.
To give alltube the correct context, I'm making use of the X-Forwarded-* headers, as suggested in the readme.
However, alltube serves an HTML with these resources:
And this CSP header:
Which both seems correct at first, but still my browser (Firefox 89) blocks the request to these 2 resources:
According to MDN,
self
is defined as (emphasis mine)So by my understanding, it should be
https://my.domain/alltube/css/style.css
.Specifying
X-Forwarded-Port: 443
doesn't help either, since it results in the following HTML, which also gets blocked:Any advice? Is this is a genuine bug, or simply erroneous setup?