fix: trust Traefik reverse proxy so Symfony generates https:// redirects

Traefik terminates TLS and forwards X-Forwarded-Proto: https to Nginx, which forwards it to PHP-FPM. Without trusted_proxies, Symfony ignored this header and generated http:// redirect URLs after login/register, causing session cookie loss on mobile (Secure cookie not sent over HTTP). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 19:10:44 -04:00
parent f7b0202711
commit 604d37d102
1 changed files with 10 additions and 0 deletions
@@ -5,6 +5,16 @@ framework:
    # Note that the session will be started ONLY if you read or write from it.
    session: true

+    # Trust the Traefik reverse proxy that terminates TLS before Nginx.
+    # REMOTE_ADDR = trust whatever IP is connecting to PHP-FPM (always Nginx in Docker).
+    trusted_proxies: 'REMOTE_ADDR'
+    trusted_headers:
+        - 'x-forwarded-for'
+        - 'x-forwarded-host'
+        - 'x-forwarded-proto'
+        - 'x-forwarded-port'
+        - 'x-forwarded-prefix'
+
    #esi: true
    #fragments: true