fix: show login flashes and CSRF errors; proxy and cookie options for HTTPS deploys

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dekun
2026-05-12 15:53:12 +08:00
parent e3b9fca45d
commit a5e1e94fb2
4 changed files with 45 additions and 0 deletions
+7
View File
@@ -17,3 +17,10 @@
# 调试:1 开启,勿在生产长期开启
# NAV_DEBUG=0
# 在 Nginx/Caddy 等反向代理后部署时:信任 X-Forwarded-*,以便 Cookie、CSRF 与 HTTPS 判断正确
# NAV_TRUST_PROXY=1
# 站点仅通过 HTTPS 对外时建议开启(浏览器只带 Secure Cookie
# NAV_SESSION_COOKIE_SECURE=1
# CSRF 校验仍失败时,可填前端访问的完整 Origin,多个用英文逗号分隔,例如:
# NAV_CSRF_TRUSTED_ORIGINS=https://nav.example.com