~tsileo/microblog.pub#133: 
Reverse proxy with Apache and Uvicorn Content Security Issues

I am running the instance via supervisord and using uvicorn, which I am proxying via Apache. This works alright except that I cannot submit anything as it gives me a "Content Security Error" I have found a work around by enabling Header set Content-Security-Policy: "default-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;" but i get this error

The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

what is the correct way to proxy these requests so the site can be functional

Status
RESOLVED NOT_OUR_BUG
Submitter
~microblogcurious
Assigned to
No-one
Submitted
1 year, 1 month ago
Updated
1 year, 1 month ago
Labels
No labels applied.

~microblogcurious 1 year, 1 month ago*

Found the issue. There was a single missing statement in the apache conf

RequestHeader set X-Forwarded-Proto: "https"

~tsileo REPORTED NOT_OUR_BUG 1 year, 1 month ago

Register here or Log in to comment, or comment via email.