X-Forwarded-Port header

Website, Application, Performance Security
1

Answer these questions to help the Community help you with Security questions.

What is the domain name?
saltwater scourge

Have you searched for an answer?
yes

Please share your search results url:
I’ve used a resources discord server which led me to many websites informing about X-Forwarded_port header, which led me to the final website which says that cloudflare provides or talks with the correct port already
git link

When you tested your domain, what were the results?
I can access my domain, but the CMS im using has modules that use the CMS API and I believe its not identifying http/https correctly so the modules are not working

Describe the issue you are having:
On my website listed above, Im using Caddy with NamelessMC Content Management System. The theme that im using for that CMS has a login/register button which uses NamelessMCs API. The login/register buttons do not work because the API is being identified as http instead of https, which I believe means the wrong port is being identified through a reverse proxy.

I’ve read that I should be on Full(Strict) which I have done but still no luck.
Im also reading something about X-Forwarded-Port header, but im using a shared host so is this something they would have to do, if this is whats wrong?

What error message or number are you receiving?

  1. Make sure the hostname value in core/config.php in FTP matches your site url. (it is correct)
  2. If you are using the www. prefix make sure the force www option is enabled in StaffCP → Configuration → General Settings. (i am not using www prefix, from what i read that is for subdomains through my reverse proxy, but this is not a subdomain)

What steps have you taken to resolve the issue?

  1. Full(strict)
  2. ensuring config is correct
  3. disabling cloudflare proxy and setting to dns only
  4. Anything else listed above, aside from knowing about xheader as I believe my host controls that

Was the site working with SSL prior to adding it to Cloudflare?
Ive only used cloudflare

What are the steps to reproduce the error:

  1. Its just always produced on the website when using login/register

Have you tried from another browser and/or incognito mode?
yes

Please attach a screenshot of the error:

3

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.