From 687fdf20cd5852530cbd7c9e5a34df64efbff6eb Mon Sep 17 00:00:00 2001 From: David Mehren Date: Mon, 21 Dec 2020 21:35:49 +0100 Subject: Add note about `X-Forwarded-Proto` to 1.7.0 release notes This header needs to be set correctly if the reverse proxy terminates TLS, otherwise we don't send cookies. Signed-off-by: David Mehren --- public/docs/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index ad617f2e..6d31b8ff 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -10,6 +10,10 @@ This is probably the last release in the 1.x series. Stay tuned for 2.0, schedul **Please note:** This release dropped support for Node 8, which is end-of-life since January 2020. You now need at least Node 10.13 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/). +**Please note:** If you use a reverse proxy and TLS, make sure it sets the `X-Forwarded-Proto` header correctly, +otherwise you will encounter login-issues. +[Our docs](https://github.com/hedgedoc/hedgedoc/blob/72734690225bb431908b0d4bd8edf38576a95f2f/docs/setup/reverse-proxy.md#reverse-proxy-config) have example configs for common reverse proxies. + ### Enhancements - Our release tarballs now contain the frontend bundle. This saves users from building the frontend themselves, which was an issue on memory-constrained systems. - Add OIDC scopes for email & profile retrieval ([#278](https://github.com/hedgedoc/hedgedoc/pull/278) & [#419](https://github.com/hedgedoc/hedgedoc/pull/419) by [@elespike](https://github.com/elespike) & [@vberger](https://github.com/vberger)) -- cgit v1.2.3