Solved: Bad CSRF when trying to use HTTPS


(Miguel David) #1

I have setup discourse with the following stack:

I wanted the website to be https (who does http anymore?), but quickly banged my head against the wall.

Solutions I found:

  • do NOT install docker.io from the apt Ubuntu repositories as it is not supported
  • do NOT add cloudflare template to app.yml
  • remove the lines everybody is saying to add: proxy_set_header X-Forwarded-Proto https; or as per template proxy_set_header X-Forwarded-Proto $thescheme;

The reason for the last two is that I was getting a Bad CSRF and the reason was (probably) because proxy headers were being changed mid-stream.

I hope this helps somebody not avoid all the time I wasted with what should be a simple one container setup.


(Bhanu Sharma) #2

Those aren鈥檛 solutions! those are workarounds with lethal conclusions!
Be prepared for rate limit lockouts! :wink: