Having trouble with Google auth. I’ve got a Google Cloud project, and after switching to the new domain, I also changed the redirect url under Client ID there, so currently it’s set to
Now the issue. When trying to “sign up with Google”, I get this error in Discourse:
https://forum.sugarmail.app/auth/failure?message=csrf_detected Authorization timed out, or you have switched browsers. Please try again.
When the forum was under the old domain, forum.skymail.app, Google auth worked without issue.
I did do ./launcher rebuild app after changing the domain, making sure to update the domain in app.yaml under DISCOURSE_HOSTNAME (in fact the forum wouldn’t load at all until I did that).
Plugins - no, not using any. About the only thing I did after installation was to enable Google auth (client id and secret) and enabling “always use https”.
Proxies - I’m using nginx as a reverse proxy (which also serves the main app site).
Let’s Encrypt in Discourse settings is not enabled. So the nginx inside the container is serving plain http, and the outside nginx add ssl termination.
These is almost same setup I had with the old domain, the only difference is “force https”.
Oh darn, it’s “force https” which I previously had off.
I enabled it recently, to avoid getting the warning in Chrome about “insecure page content” which was happening because of plain http links to images.
To reiterate, I do ssl termination in the “outside” nginx, and as far as Discouse itself goes, there is no ssl.
Turning off “force https” makes Google auth work again (I had to add a plain http redirect URL in the Google Cloud project).
But that’s not good because there will be “insecure site” / mixed content warnings as soon as there are images.
Is there a way to keep Google auth working with “force https” and ssl termination outside of Discourse?
( I’d use Discourse’s own ssl support except it assumes that it “owns” the domain, so I’d need to set up an additional IP address for this VPS and separate the main site and the forum… which is a bit of a chore… )