From 6062bf63d7599ae6f421e2e35d8f7857338e7d03 Mon Sep 17 00:00:00 2001
From: "DESKTOP-RTLN3BA\\$punk" <vermarohanfinal@gmail.com>
Date: Fri, 31 Oct 2025 00:24:53 -0700
Subject: [PATCH] feat: add ProxyHeadersMiddleware to support HTTPS redirects
 behind proxies

- Integrated ProxyHeadersMiddleware to ensure FastAPI correctly handles HTTPS in redirects when deployed behind a proxy, such as Cloudflare.
- This addition enhances security and proper URL handling in the application.
---
 surfsense_backend/app/app.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/surfsense_backend/app/app.py b/surfsense_backend/app/app.py
index d416ae62c..8d525d659 100644
--- a/surfsense_backend/app/app.py
+++ b/surfsense_backend/app/app.py
@@ -3,6 +3,7 @@ from contextlib import asynccontextmanager
 from fastapi import Depends, FastAPI, HTTPException, status
 from fastapi.middleware.cors import CORSMiddleware
 from sqlalchemy.ext.asyncio import AsyncSession
+from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
 
 from app.config import config
 from app.db import User, create_db_and_tables, get_async_session
@@ -28,6 +29,10 @@ def registration_allowed():
 
 app = FastAPI(lifespan=lifespan)
 
+# Add ProxyHeaders middleware FIRST to trust proxy headers (e.g., from Cloudflare)
+# This ensures FastAPI uses HTTPS in redirects when behind a proxy
+app.add_middleware(ProxyHeadersMiddleware, trusted_hosts="*")
+
 # Add CORS middleware
 app.add_middleware(
     CORSMiddleware,