[SOLVED] Neos behind a reverse proxy

I have a running neos instance behind an nginx reverse proxy. But for some reason I get crossorigin errors because the scripts and stylesheets are loaded over http://.

Why {f:uri.resource(path: 'style.css', package: 'My.Package')} doesn’t use https even though there is an existing domain entry with mypackage-mydomain-com | https://my-domain.com | active?

You have to set the environment variable FLOW_HTTP_TRUSTED_PROXIES to *, then it should work.

1 Like

Thanks a lot. This is working. But probably not production ready with wildcard? Its better to provide proxy ip?!


Yes. If you know the IP of the reverse proxy, always specify it either via the FLOW_HTTP_TRUSTED_PROXIES environment variable, or via the Neos.Flow.Http.TrustedProxies.* setting. This makes sure, that no other proxy (or malicious adversary) can override your request headers. See https://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/Http.html#trusted-proxies for more information.