sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deploy): add ProxyHeadersMiddleware for HTTPS behind Caddy
Some checks failed
CI / ruff (push) Failing after 7s
Details
CI / dependency-scanning (push) Successful in 27s
Details
CI / audit (push) Successful in 8s
Details
CI / docs (push) Has been skipped
Details
CI / pytest (push) Failing after 22s
Details
CI / architecture (push) Failing after 9s
Details

Browse Source 
Caddy proxies HTTPS requests to FastAPI as HTTP on localhost:8001.
Without ProxyHeadersMiddleware, request.scheme stays "http" and
url_for() generates http:// URLs, causing mixed content blocking.

The middleware reads X-Forwarded-Proto from Caddy and sets the
correct scheme so all generated URLs use https://.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-02-12 23:51:29 +01:00
parent c58ceb9872
commit af3f04a23f
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
main.py
View File

@@ -26,6 +26,7 @@ from fastapi import Depends, FastAPI, HTTPException, Request, Response
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import FileResponse, HTMLResponse, RedirectResponse
from fastapi.staticfiles import StaticFiles
from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
from sentry_sdk.integrations.fastapi import FastApiIntegration
from sentry_sdk.integrations.sqlalchemy import SqlalchemyIntegration
from sqlalchemy import text
@@ -119,6 +120,7 @@ app.add_middleware(
# So we add them in REVERSE order of desired execution:
#
# Desired execution order:
# 0. ProxyHeadersMiddleware (trust X-Forwarded-Proto from Caddy)
# 1. PlatformContextMiddleware (detect platform from domain/path)
# 2. StoreContextMiddleware (detect store, uses platform_clean_path)
# 3. FrontendTypeMiddleware (detect frontend type using FrontendDetector)
@@ -163,9 +165,16 @@ app.add_middleware(StoreContextMiddleware)
logger.info("Adding PlatformContextMiddleware (detects platform from domain/path)")
app.add_middleware(PlatformContextMiddleware)
# Add proxy headers middleware (runs before all other middleware)
# Caddy proxies HTTPS → HTTP internally; this reads X-Forwarded-Proto
# so request.scheme = "https" and url_for() generates correct URLs
logger.info("Adding ProxyHeadersMiddleware (trust X-Forwarded-Proto from Caddy)")
app.add_middleware(ProxyHeadersMiddleware, trusted_hosts=["*"])
logger.info("=" * 80)
logger.info("MIDDLEWARE ORDER SUMMARY:")
logger.info(" Execution order (request →):")
logger.info(" 0. ProxyHeadersMiddleware (proxy headers)")
logger.info(" 1. LoggingMiddleware (timing)")
logger.info(" 2. PlatformContextMiddleware (platform detection)")
logger.info(" 3. StoreContextMiddleware (store detection)")