From 2ca4aa08def00f98f8b5c4031ca6cc850196673c Mon Sep 17 00:00:00 2001 From: Eduard Heimbuch Date: Mon, 15 Mar 2021 15:48:47 +0100 Subject: [PATCH] Enhance reverse proxies documentation --- docs/en/administration/reverse-proxies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/administration/reverse-proxies.md b/docs/en/administration/reverse-proxies.md index 11d5e60c71..792fb9b13c 100644 --- a/docs/en/administration/reverse-proxies.md +++ b/docs/en/administration/reverse-proxies.md @@ -7,6 +7,7 @@ displayToc: true SCM-Manager can run behind any reverse proxy, but a few rules must be respected. The reverse proxy should not encode slashes and the `X-Forwarded-For` and `X-Forwarded-Host` headers must be send to SCM-Manager. If the proxy uses a different protocol as the SCM-Manager e.g. https on proxy and http on scm-manager, the `X-Forwarded-Proto` header must be send too. +If `XSRF protection` is enabled on the SCM-Manager server, the cookie has to be `HttpOnly=false` and must not be modified. ## nginx