reverse proxy is override status code on development enviroment!!! #2600
Description
I have touched a little the template file with which the nginx configurations are generated, the result is the following:
# from nginxproxy/nginx-proxy
# uknp.dock/
upstream uknp.dock {
# Container: WSDD-Web-Server-PHP8.3
# networks:
# wsdd-network (reachable)
# IP address: 172.18.0.2
# exposed ports (first ten): 10000/tcp 80/tcp
# default port: 80
# using port: 80
server 172.18.0.2:80;
}
server {
server_name uknp.dock;
access_log /var/log/nginx/access.log vhost;
http2 on;
listen 80 ;
location /.well-known/acme-challenge/ {
proxy_intercept_errors off;
fastcgi_intercept_errors off;
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
listen 443 ssl ;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/uknp.dock.crt;
ssl_certificate_key /etc/nginx/certs/uknp.dock.key;
location / {
proxy_intercept_errors off;
fastcgi_intercept_errors off;
proxy_pass http://uknp.dock;
set $upstream_keepalive false;
# Add these headers to keep the original status codes
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# Ensure that HTTP status codes are not modified
proxy_ignore_headers Set-Cookie;
proxy_pass_request_headers on;
}
# custom 419 error
error_page 419 = /custom_419.html;
location = /custom_419.html {
internal;
add_header Content-Type text/html;
return 419 "Session expired or CSRF token invalid.";
}
}This is supposedly my reverse proxy configuration pointing to an Apache container (which was working fine until I had to implement a 419 status code for CSRF).
Regardless of my Nginx configuration, it keeps converting/overwriting the 419 error to a 500...
<?php
// Set headers to avoid caching
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');
// Set custom header for CSRF
header('X-CSRF-TOKEN: expired_token_12345');
// Set status code 419 (CSRF Token Expired)
http_response_code(419);
// Response content in JSON format
header('Content-Type: application/json');
echo json_encode([
'error' => true,
'message' => 'CSRF token has expired',
'code' => 419,
'status' => 'CSRF_TOKEN_EXPIRED'
]);Note: I have already restarted the services/containers.