fix: show login flashes and CSRF errors; proxy and cookie options for HTTPS deploys
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -17,3 +17,10 @@
|
||||
|
||||
# 调试:1 开启,勿在生产长期开启
|
||||
# NAV_DEBUG=0
|
||||
|
||||
# 在 Nginx/Caddy 等反向代理后部署时:信任 X-Forwarded-*,以便 Cookie、CSRF 与 HTTPS 判断正确
|
||||
# NAV_TRUST_PROXY=1
|
||||
# 站点仅通过 HTTPS 对外时建议开启(浏览器只带 Secure Cookie)
|
||||
# NAV_SESSION_COOKIE_SECURE=1
|
||||
# CSRF 校验仍失败时,可填前端访问的完整 Origin,多个用英文逗号分隔,例如:
|
||||
# NAV_CSRF_TRUSTED_ORIGINS=https://nav.example.com
|
||||
|
||||
Reference in New Issue
Block a user