Unverified Commit fa168dda authored by Andrii Dmytrenko's avatar Andrii Dmytrenko
Browse files

Pass X-Forwarded-Proto if present or $scheme 

Rack::Protection::HttpOrigin is checking if the origin url (including the scheme) matches base url

https://github.com/sinatra/sinatra/blob/b801c6b76b89eb071e2b01700273054bbe8aae05/rack-protection/lib/rack/protection/http_origin.rb#L33
parent 9fbbd672

nginx.conf.template

+6 −0
Original line number Diff line number Diff line
@@ -70,6 +70,11 @@ http { 
  #

  underscores_in_headers on;



  map $http_x_forwarded_proto $thescheme {

      default $scheme;

      https https;

  }



  server {

    listen <NGINX_PORT> deferred;
@@ -83,6 +88,7 @@ http { 
      proxy_set_header X-Queue-Start "t=${msec}";



      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      proxy_set_header X-Forwarded-Proto $thescheme;

      proxy_set_header X-Real-IP $remote_addr;



      # Pass the original host name through, this is important if downstream