Can't enable DiscourseID on a site with force-https disabled

For context, I have my Discourse test site running in a Proxmox container behind Nginx (npmplus) on a different server on the same network (but not subnet). Not really anything special. I tried enabling force-https but I kept getting a bunch of CSRF validation errors so I just disabled it again because it wasn’t worth a fight. Regardless of any of that, the site works on https fine because Nginx/Cloudflare are both set up for it properly:

I tried enabling DiscourseID on the site just now but was met with an error:


Is there a workaround that doesn’t involve fighting with npmplus for hours to get Discourse CSRF validation to stop complaining about anything? This thread is not for debugging npmplus or SSL, I simply want to fix Discourse ID.

The error message Discourse ID returned is complaining that the site’s Redirect URI must be https, so you need to turn on force_https, or otherwise indicate via your proxy configuration the requests are coming in via https.

Except for everything that doesn’t:

3 likes

Huh, guess I never noticed any of that. As I said, I tried enabling force_https, but I kept getting CSRF errors doing anything. Maybe the normal nginx variables just don’t work on npmplus (according to the instructions that say so right above) then because this is the config I was using:

Besides that, port 443 on my CT wasn’t responding, so it’s still connecting locally over 80.

You should fix your reverse proxy setup and get proper HTTPS working.

1 like

I think the issue right now is just weirdness with the variables npmplus is exposing. I had a working config before but I lost it and am not really sure what to do at the moment. I settled on the following but don’t want to enable the setting until I’m 100% sure it’ll work, to avoid BAD CSRF and a trip to the rails console to fix it yet again.



Interestingly it seems to just be rejecting traffic over 443 which I don’t think is normal even though the proxy is set to 80 at the moment