Force request host/scheme to App__Domain behind a proxy

The cookie login redirect and other absolute URLs are built from Request.Host;
behind a proxy that doesn't forward the Host header that's the internal IP:port,
so hitting the domain 302'd to the server IP. Rewrite scheme+host to App__Domain
on every request (after UseForwardedHeaders) so all generated URLs stay on the
public domain.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 15:54:30 +02:00
parent 5f51e9d16d
commit e190e40b07
3 changed files with 26 additions and 0 deletions
@@ -309,6 +309,23 @@ var app = builder.Build();
// Must run before anything that inspects the request scheme/IP (auth, OIDC, cookies).
app.UseForwardedHeaders();
// When App__Domain is set, rewrite every request's scheme + host to the public domain. The
// framework builds absolute URLs (the cookie login redirect, the OIDC redirect_uri, …) from
// Request.Scheme/Host; behind a proxy that doesn't forward the Host header these are the
// internal host (server IP:port), so loading https://<domain>/ would 302 to http://<ip>:8080.
// Forcing the host here keeps every generated URL on the public domain. Must run before auth.
var publicBaseUri = appDomain.GetBaseUri();
if (publicBaseUri is not null)
{
var publicHost = HostString.FromUriComponent(publicBaseUri);
app.Use((context, next) =>
{
context.Request.Scheme = publicBaseUri.Scheme;
context.Request.Host = publicHost;
return next(context);
});
}
// ── First-run bootstrap ───────────────────────────────────────────────────────
// Seed a local admin when no users exist yet, so a plain-HTTP / LAN deployment that
// can't use Microsoft OIDC (which requires HTTPS + a matching Entra redirect URI) can
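Review bot: in the new `app.Use` middleware, `context.Request.Scheme = publicBaseUri.Scheme;` discards the scheme that `UseForwardedHeaders()` derived on the line above, so when App__Domain is an https URL every request reports an https scheme, including one that reached the server over plain HTTP on the internal IP:port (the plain-HTTP / LAN case the bootstrap comment right after this block mentions). Anything later in the pipeline that keys off `Request.Scheme` or `Request.Host` (HTTPS redirection, request-based Secure cookie policy, host checks, request logging) no longer sees what was actually received. Please either limit the override to requests that arrive from the proxy, or state in the comment that direct-to-IP access is deliberately treated as the public domain, and keep the original scheme and host somewhere such as `HttpContext.Items` so logs can still show them. It would also help to note or check here that `appDomain.GetBaseUri()` only returns an absolute http/https URI, since its scheme and host are now copied into every request.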