From: Grant Slater <github@firefishy.com>
Date: Sat, 21 Dec 2024 04:33:32 +0000 (+0000)
Subject: community: Fix CSRF issue with monkey patch fix
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/HEAD

community: Fix CSRF issue with monkey patch fix
---

diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index 5beef4802..c62d76a5d 100644
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -133,3 +133,6 @@ hooks:
           resolver <%= @resolvers.join(" ") %>;
           resolver_timeout 5s;
           ssl_dhparam /shared/ssl/dhparam.pem;
+          # FIXME: Workaround CSRF issue. Monkey patch, need proper investigation and fix.
+          proxy_set_header Host $http_host;
+          proxy_set_header X-Forwarded-Proto $thescheme;