I’ve had exactly the same issue after the upgrade to 2.5.0.beta4 (Moved site behind proxy, favicon and header not using https anymore - #7 by rossierd).
Were you able to fix the issue? I can imagine that the upgrade came with a new version of nginx (or its config) which leads to this issue (but pure hypothetical ;-))
I tried to find a way to disable CSRF in nginx (https://github.com/gartnera/nginx_csrf_prevent) but I think nginx must be recompiled, and I don’t know if we need the complete development environment of Discourse to do that.