From 50cbe8d6806fc300f99bb91b0dc7e5aef56f0671 Mon Sep 17 00:00:00 2001
From: Mohmmed Elfateh Sabry <59346303+elfateh4@users.noreply.github.com>
Date: Sun, 14 Sep 2025 01:47:47 +0300
Subject: [PATCH] Update pgAdmin configuration to fix CSRF issues and trust
 proxy headers

---
 docker-compose.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a465d17..658bdee 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -212,6 +212,13 @@ services:
       PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
       PGADMIN_CONFIG_SERVER_MODE: 'False'
       PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
+      # Fix CSRF issues behind reverse proxy
+      PGADMIN_CONFIG_WTF_CSRF_CHECK_DEFAULT: 'False'
+      PGADMIN_CONFIG_WTF_CSRF_TIME_LIMIT: 'None'
+      PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION: 'False'
+      # Trust proxy headers
+      PGADMIN_CONFIG_PROXY_X_HOST_COUNT: '1'
+      PGADMIN_CONFIG_PROXY_X_PREFIX_COUNT: '1'
     volumes:
       - pgadmin_data:/var/lib/pgadmin
     labels:
@@ -219,5 +226,5 @@ services:
       - traefik.http.routers.pgadmin.rule=Host(`pgadmin.gate.${DOMAIN}`)
       - traefik.http.routers.pgadmin.entrypoints=websecure
       - traefik.http.routers.pgadmin.tls.certresolver=le
-      - traefik.http.routers.pgadmin.middlewares=basic-auth,security-headers
+      - traefik.http.routers.pgadmin.middlewares=security-headers
       - traefik.http.services.pgadmin.loadbalancer.server.port=80