cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add X-Forwarded-Proto to all bootstrap API helpers
All checks were successful
CI / build (push) Successful in 48s
Details
CI / docker (push) Successful in 9s
Details

Browse Source 
All Logto endpoints are configured with HTTPS but bootstrap calls
internal HTTP. Every curl call needs the forwarded proto header.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-06 23:54:51 +02:00
parent 5f560e9f33
commit 251d8eb8e1
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docker/logto-bootstrap.sh
View File

@@ -107,6 +107,7 @@ get_default_token() {
curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \ curl -s -X POST "${LOGTO_ENDPOINT}/oidc/token" \
-H "Content-Type: application/x-www-form-urlencoded" \ -H "Content-Type: application/x-www-form-urlencoded" \
-H "Host: ${HOST}" \ -H "Host: ${HOST}" \
-H "X-Forwarded-Proto: https" \
-d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all" -d "grant_type=client_credentials&client_id=${1}&client_secret=${2}&resource=${MGMT_API_RESOURCE}&scope=all"
} }
@@ -116,23 +117,24 @@ TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token' 2>/dev/null)
[ -z "$TOKEN" ] || [ "$TOKEN" = "null" ] && { log "ERROR: Failed to get token"; exit 1; } [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ] && { log "ERROR: Failed to get token"; exit 1; }
log "Got Management API token." log "Got Management API token."
# --- Helper: Logto API calls --- # --- Helper: Logto API calls (X-Forwarded-Proto needed since ENDPOINT is HTTPS but internal calls use HTTP) ---
PROXY_HEADERS="-H Host:${HOST} -H X-Forwarded-Proto:https"
api_get() { api_get() {
curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]" curl -s -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || echo "[]"
} }
api_post() { api_post() {
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \ curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_put() { api_put() {
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \ curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_delete() { api_delete() {
curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true curl -s -X DELETE -H "Authorization: Bearer $TOKEN" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }
api_patch() { api_patch() {
curl -s -X PATCH -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" \ curl -s -X PATCH -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -H "Host: ${HOST}" -H "X-Forwarded-Proto: https" \
-d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true -d "$2" "${LOGTO_ENDPOINT}${1}" 2>/dev/null || true
} }