Potential Cookie issue behind reverse proxy

My version of HedgeDoc is: 1.9.7

What I expected to happen:
When clicking “+ new guest note” the editor should load.

What actually happened:
I just see a loading spinner when clicking +new guest note.
The console shows:
AUTH failed: Cookie is invalid.

I already tried:

Reverse proxy file: I’m using caddy v2 so it shouldn’t need any real config other then reverse_proxy.
The main site loads fine, it’s only when you click end up at the editor via /new

I also checked the Docker compose files. The containers can communicate (main site works) and I believe hedgedoc is configured correctly:

  • CMD_DOMAIN=hedgedoc.mydomain
  • CMD_USESSL=false
  • CMD_ALLOW_ORIGIN=[‘hedgedoc.mydomain’]

Also tried this one, but i’m getting out of my depth here:


The network tab shows the requests are all green. The socket.io upgrades too. It’s just that cookie message.

Actual cookies for the domain are as follows:


Nevermind, I solved it! :grin:

I had to add this to the Caddyfile:

 header_up X-Forwarded-Proto {scheme}

I was led to believe this was the default case with caddy v2 but it appears not!

Hopefully this helps somebody else in the future.

Nothing to see here, you can go about your business; move along.

P.S. it does say there are three exceptions here:
reverse_proxy (Caddyfile directive) — Caddy Documentation (caddyserver.com)