csrf invalid - socket.io

Update: I found the issue, the Nginx configuration for proxy_set_header X-Forwarded-Proto $scheme; needed to be added to the definition.

Getting this same issue on local testing box. Fresh install of nodeBB v3.4.2's ./nodebb log says:

2023-09-15T00:55:23.673Z [50009/3928] - error: POST /login
invalid csrf token

Web browser console says says:

https://test7.dev.cc/socket.io/?_csrf=6a4d4c...43eb&EIO=4&transport=polling&t=OgMM4ww
Failed to load resource: the server responded with a status of 403 ()

config.json is pretty straightforward, granted I'm using PostgreSQL which isn't really well documented here. Had success with nodeBB 2.X, 3.X supported?

{
    "url": "https://test7.dev.cc",
    "port": "50009",
    "bind_address": "127.0.0.1",
    "secret": "579e7ab9f9b57859734b15638a485e31",
    "database": "postgres",
    "postgres": {
        "host": "127.0.0.1",
        "port": "5432",
        "username": "pws_nodebb",
        "password": "NBpass123",
        "database": "pws_nodebb",
        "ssl": "false"
    }
}

Nginx configuration is pretty straight forward. Works with ExpressJS, and websocket-y apps (NodeRED, etc.) without issue:

location / {
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $host;
                    proxy_pass http://127.0.0.1:$nodebb_port;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
                }

Not really sure what to make of it other than the subfolder /socket.io/ seems kinda interesting; is it attempting to establish a websocket with a subfolder URL definition? Not sure if that elicits further location definitions in Nginx.

Any suggestions greatly appreciated.