From 8691017b46b9d79d204c182e412522d486486dc0 Mon Sep 17 00:00:00 2001
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Date: Sat, 13 Oct 2018 13:39:50 +0200
Subject: [PATCH] Pass Host header to YunoHost API

This is useful to validate Origin/Referer headers in order to prevent
CSRF.
---
 data/templates/nginx/plain/yunohost_api.conf.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/templates/nginx/plain/yunohost_api.conf.inc b/data/templates/nginx/plain/yunohost_api.conf.inc
index 35cd0090c..4d7887cc6 100644
--- a/data/templates/nginx/plain/yunohost_api.conf.inc
+++ b/data/templates/nginx/plain/yunohost_api.conf.inc
@@ -4,6 +4,7 @@ location /yunohost/api/ {
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
+    proxy_set_header Host $http_host;
 
     # Custom 502 error page
     error_page 502 /yunohost/api/error/502;