middleware for forwarding headers

dalenewman · dalenewman · commit 92d2dc8aee42 · 2026-04-29T14:48:40.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+# 0.19.3 <small>2026-04-29</small>
+
+## 🐛 Bug Fixes
+- Add forwarded headers middleware to `Site/Program.cs` so that links (e.g. download URLs) are
+  generated with `https://` when the app runs behind a reverse proxy such as an AWS ALB or Azure
+  Application Gateway that terminates TLS. Without this, the container sees plain HTTP and generates
+  `http://` links, which can break downloads due to auth cookies being stripped on redirect.
+
+<!-- CHANGELOG_BOUNDARY -->
+
 # 0.19.2 <small>2026-04-29</small>
 
 ## 💅 Improvements
diff --git a/src/OrchardCore.Transformalize/OrchardCore.Transformalize.csproj b/src/OrchardCore.Transformalize/OrchardCore.Transformalize.csproj
@@ -3,9 +3,9 @@
       <TargetFramework>net10.0</TargetFramework>
       <AddRazorSupportForMvc>true</AddRazorSupportForMvc>
       <RootNamespace>TransformalizeModule</RootNamespace>
-      <Version>0.19.1</Version>
-      <FileVersion>0.19.1</FileVersion>
-      <AssemblyVersion>0.19.1</AssemblyVersion>
+      <Version>0.19.3</Version>
+      <FileVersion>0.19.3</FileVersion>
+      <AssemblyVersion>0.19.3</AssemblyVersion>
       <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
       <Authors>Dale Newman</Authors>
       <Copyright>Copyright © 2013-2026</Copyright>
diff --git a/src/Site/Program.cs b/src/Site/Program.cs
@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.HttpOverrides;
 using Serilog;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -32,6 +33,20 @@
    app.UseHsts();
 }
 
+// Trust X-Forwarded-For and X-Forwarded-Proto headers so that generated links use the correct
+// scheme (https) when the app runs in a private subnet behind a public-facing reverse proxy
+// (e.g. AWS ALB, Azure Application Gateway). Without this, the container only sees http and
+// generates http:// links, which can cause auth cookies to be stripped on redirect and break
+// downloads. KnownIPNetworks/KnownProxies are cleared so any upstream proxy is trusted —
+// this is safe when the container is not directly reachable from the internet, but would allow
+// header spoofing if the app were exposed publicly without a proxy in front of it.
+var forwardedOptions = new ForwardedHeadersOptions {
+   ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
+};
+forwardedOptions.KnownIPNetworks.Clear();
+forwardedOptions.KnownProxies.Clear();
+app.UseForwardedHeaders(forwardedOptions);
+
 // app.UseHttpsRedirection();
 app.UseStaticFiles();
 
