fix: production CSRF, ProxyFix, and SSE streaming issues

2026-03-18 11:21:42 +02:00
parent 88cc92c252
commit aed02e36e5
10 changed files with 773 additions and 22 deletions
--- a/backend/wsgi.py
+++ b/backend/wsgi.py
@@ -1,7 +1,16 @@
 """WSGI entry point for Gunicorn."""
+from werkzeug.middleware.proxy_fix import ProxyFix
+
 from app import create_app

 app = create_app()

+# Trust the X-Forwarded-* headers set by nginx so Flask sees the real
+# scheme (https), host, and client IP.  This is essential for:
+#  - SESSION_COOKIE_SECURE to work behind the reverse proxy
+#  - CSRF cookie secure flag
+#  - Talisman force_https detection
+app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
+
 if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000)