Open RobHofmann opened 6 days ago
@RobHofmann are you passing headers?
https://github.com/maybe-finance/maybe/issues/979#issuecomment-2233979007
For example, with Nginx:
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
maybe-finance:
rule: "Host(`maybe-finance.domain.local`)"
service: maybe-finance@file
tls: {}
entryPoints:
- https
middlewares:
- referrerPolicy
- compress
- ipWhitelisting
middlewares:
referrerPolicy:
headers:
referrerPolicy: "no-referrer"
compress:
compress: {}
ipWhitelisting:
ipAllowList:
sourceRange:
- 192.168.0.0/19
- 192.168.32.0/24
- 192.168.33.0/24
- 172.16.0.0/12
services:
maybe-finance:
loadBalancer:
passHostHeader: true
servers:
- url: http://maybe-finance:3000
This is how I have my config (which works for about 50 other applications). Do I need to do something special for this app?
@RobHofmann it looks like this may be the cause of this:
middlewares:
referrerPolicy:
headers:
referrerPolicy: "no-referrer"
I think if you switch this to referrerPolicy: "same-origin"
it should fix the issue.
By default, Rails uses the Referer header to make sure the POST request is coming from the same origin as the app. If it is disabled like this, it will receive a null
origin and throw this error as a way to protect against CSRF attacks.
Are you running other Rails apps successfully with this configuration? I would expect this configuration to throw this error in most Rails apps by default.
Describe the bug Getting an error when running through a reverse proxy like Traefik
To Reproduce Steps to reproduce the behavior:
Expected behavior Get a normal 200 OK response.
Additional context