This pull request strengthens authentication and reverse proxy support in the API, and removes the legacy Nginx configuration. The main improvements are enhanced cookie management for authentication, proper handling of logout behind a reverse proxy, and support for forwarded headers. These changes help ensure secure and reliable authentication when the application is deployed behind a proxy, and simplify deployment by removing the old Nginx config.
Authentication and Cookie Management:
- Added explicit `LogoutPath` and set the cookie path to `/` in the cookie authentication options to ensure proper logout and cookie scoping.
- Implemented an `OnSigningOut` event to ensure the authentication cookie is correctly deleted on logout, especially when running behind a reverse proxy.

Reverse Proxy Support:
- Integrated the `ForwardedHeaders` middleware and configured it to accept forwarded headers for client IP, protocol, and host, clearing known networks and proxies to allow any proxy.

Configuration Cleanup:
- Removed the legacy `nginx.conf` file, which previously handled static file serving, API proxying, and asset caching.

Added ForwardedHeaders middleware and configuration to support reverse proxy scenarios. Improved cookie authentication by specifying logout path, cookie path, and ensuring proper cookie deletion on logout. Removed nginx.conf file.
Automated nightly build
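
For reference, the configuration described above as an added example (not the code from this pull request): a minimal ASP.NET Core `Program.cs` showing the "allow any proxy" form as comments next to a variant that pins the trusted proxy, since with both lists cleared the middleware accepts `X-Forwarded-*` values from any sender. It assumes a `Microsoft.NET.Sdk.Web` project with implicit usings; the proxy address, host name, logout path and `/whoami` endpoint are constructed for illustration.

```csharp
// Added example, not the pull request's code. Values marked "constructed" are placeholders.
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Accept client IP, scheme and host from the proxy, as the description states.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // "Allow any proxy" form: every sender's X-Forwarded-* headers are honoured.
    // options.KnownNetworks.Clear();
    // options.KnownProxies.Clear();

    // Pinned form: keep the loopback defaults and add only the real proxy.
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.10")); // constructed address
    options.ForwardLimit = 1;                                // one proxy hop
    options.AllowedHosts.Add("app.example.com");             // constructed host
});

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LogoutPath = "/api/auth/logout"; // hypothetical path
        options.Cookie.Path = "/";               // same scope on sign-in and sign-out
        options.Events.OnSigningOut = context =>
        {
            // Assumed handler body: the delete must use the path the cookie
            // was issued with, or the browser keeps the original cookie.
            context.CookieOptions.Path = "/";
            return Task.CompletedTask;
        };
    });

var app = builder.Build();

// Must run before authentication so scheme, host and client IP are already rewritten.
app.UseForwardedHeaders();
app.UseAuthentication();

// Constructed diagnostic endpoint: shows what the app believes after header processing.
app.MapGet("/whoami", (HttpContext ctx) => new
{
    ip = ctx.Connection.RemoteIpAddress?.ToString(),
    scheme = ctx.Request.Scheme,
    host = ctx.Request.Host.Value
});

app.Run();
```

Requesting `/whoami` directly with a hand-set `X-Forwarded-For` header should return the real socket address under the pinned form; if it echoes the header value, the trust lists are open.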