
Setting X-Forwarded-Proto under Apache 2.4

@Jessie594

Posted in: #Apache2 #HttpHeaders #NodeJs

I've been advised that I need to set the RequestHeader X-Forwarded-Proto for a node.js application (NodeBB) to resolve an issue with sessions / csrf tokens.

Here's the relevant excerpt from my apache2 config:

ProxyRequests off

<Proxy *>
Order allow,deny
Allow from all

</Proxy>
RewriteEngine On

RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:4566/ [P,L]

RequestHeader set X-Forwarded-Proto "http"

ProxyPass / http://127.0.0.1:4566/
ProxyPassReverse / http://127.0.0.1:4566/

Apache version is 2.4.7

Through a debugging proxy I can see the following headers in the response:

HTTP/1.1 200 OK
Date: Wed, 03 Aug 2016 06:55:15 GMT
Server: Apache
X-Powered-By: Express
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: null
Content-Type: text/html; charset=utf-8
ETag: W/"3626-ETnKpHnKC8ul87CmR6NFUg"
Vary: Accept-Encoding
Content-Encoding: gzip
set-cookie: express.sid=s%3AYq3UdEAd4Cbwhc4-pMTrqqEp8ftUDeiu.CdipRmQptJlhnUG8ZhCSYgq%2FpCR0Kdmqx3Lrm5ABiSc; Domain=removed.com; Path=/; Expires=Wed, 17 Aug 2016 06:55:15 GMT; HttpOnly
Cache-Control: max-age=0, no-store
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


I think that is coming from Express.js, i.e. the node app, but my understanding is that the Apache proxy directives should be passing a request header TO Express, so I'm not sure if I should also see the X-Forwarded-Proto header in the response too.


1 Comments


@Kaufman445

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

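How the backend side of this setup can consume the headers set by the RequestHeader lines above, as an added example in plain Node.js that is not from the original post, NodeBB or Express: forwarded headers are honoured only when the TCP peer is the local Apache proxy, and the result decides whether the session cookie gets the Secure attribute. The function names, the trusted-address list and the sample requests are assumptions constructed for illustration.

```javascript
// Assumption: Apache reaches the app from loopback, as in the ProxyPass lines.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Returns 'https' or 'http' for a request described by its TCP peer address,
// whether the backend socket itself is TLS, and its lower-cased headers.
function clientScheme({ peer, encrypted = false, headers = {} }) {
  const direct = encrypted ? 'https' : 'http';
  // Forwarded headers from anyone but the proxy are client-controlled: ignore.
  if (!TRUSTED_PROXIES.has(peer)) return direct;

  const proto = headers['x-forwarded-proto'];
  if (typeof proto === 'string') {
    // "RequestHeader set" overwrites the header, so one value is expected;
    // if several are present, use the first entry only.
    const first = proto.split(',')[0].trim().toLowerCase();
    if (first === 'https' || first === 'http') return first;
  }
  // X-Forwarded-SSL carries %{HTTPS}, which is "on" or "off".
  const ssl = headers['x-forwarded-ssl'];
  if (typeof ssl === 'string') {
    return ssl.trim().toLowerCase() === 'on' ? 'https' : 'http';
  }
  return direct;
}

// Builds the session cookie; Secure is added only when the client used TLS.
function sessionCookie(req, value) {
  const attrs = [`express.sid=${value}`, 'Path=/', 'HttpOnly'];
  if (clientScheme(req) === 'https') attrs.push('Secure');
  return attrs.join('; ');
}

// Constructed requests: one relayed by Apache over TLS, one sent straight to
// the backend port by a client that supplies the header itself.
const viaProxy = { peer: '127.0.0.1', headers: { 'x-forwarded-proto': 'https' } };
const spoofed = { peer: '203.0.113.9', headers: { 'x-forwarded-proto': 'https' } };
console.log(sessionCookie(viaProxy, 'demo'));
console.log(sessionCookie(spoofed, 'demo'));
```

With the hard-coded `"http"` value from the question's config, `clientScheme` returns `http` even for TLS visitors, so the cookie is issued without Secure.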