NodeBB itself is a subfolder installation in https://endless-endeavors.theswc.net/forum/. The node server is multi-tenant and works with express.js as a router/reverse proxy. All external http requests are redirected to https, but requests to the nodeBB server are proxied internally over http. Essentially this is the flow for an incoming forum request:
main server app -> enforce https, direct request to endless-endeavors.theswc.net directory
host/domain app -> Check url, if /forum, proxy to port 4567 over http (or wss if websocket)
let nodeBB do its thing.
I've been googling and have found quite a few threads, but none of the suggested solutions have worked. things i have tried so far:
Check url in config.json: 'https://endless-endeavors.theswc.net/forum/'
Make sure cookieDomain is '' in MongoDB
Including header 'X-Forwarded-Proto: https'
Including header 'X-Forwarded-SSL: on'
Including header 'X-Url-Scheme: https'
I've also found that in the GET request for the login form, no X-CSRF-Token header is received. The form itself however is populated with a token.