mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-07-09 16:08:31 +00:00
When DeerFlow's nginx runs behind another TLS-terminating reverse proxy (Pangolin/Traefik, Cloudflare, Caddy), every location block overwrote the already-correct X-Forwarded-Proto with $scheme (= http on the private hop). The Gateway then treated HTTPS browser traffic as HTTP: the auth-origin check rejected the login POST with 403 "Cross-site auth request denied", and session cookies lost the Secure flag and max-age. Preserve an upstream X-Forwarded-Proto via a map that falls back to $scheme when nginx is itself the TLS edge, so standalone `make dev` / Docker is unchanged. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| nginx.conf | ||
| nginx.local.conf | ||