From a066be93b0dbb70ead9b7ab758c332b764b98400 Mon Sep 17 00:00:00 2001
From: otaconix <stefanhetzwaantje@gmail.com>
Date: Sun, 16 Jul 2023 14:50:42 +0200
Subject: Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516)
 (#5523)

* Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516)

The mod_auth_oidc needs an additional directive (`OIDCXForwardedHeaders`)
in case FreshRSS is running behind a reverse proxy, so it knows what host,
protocol and port were used to access it. This information is then used
in the `redirect_uri` when directing the user agent (browser) to the identity
provider for authentication.

Please note that, if you are running FreshRSS behind a reverse proxy that
handles TLS, you may need to update your identity provider's configuration so
it accepts `https://...` as a `redirect_uri`.

* Add link to mod_auth_openidc's documentation for the OIDCXForwardedHeaders Apache configuration directive

* Minor spelling

---------

Co-authored-by: Stefan Zwanenburg <stefan@zwanenburg.info>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---
 Docker/FreshRSS.Apache.conf | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Docker')

diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf
index 0f9b8e3fa..9330a17f4 100644
--- a/Docker/FreshRSS.Apache.conf
+++ b/Docker/FreshRSS.Apache.conf
@@ -41,6 +41,10 @@ TraceEnable Off
 	<IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}>
 		OIDCScope "${OIDC_SCOPES}"
 	</IfDefine>
+	Define "Test_${OIDC_X_FORWARDED_HEADERS}"
+	<IfDefine !Test_${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}>
+		OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS}
+	</IfDefine>
 
 	OIDCRefreshAccessTokenBeforeExpiry 30
 </IfDefine>
-- 
cgit v1.2.3