From 2fc54f5a83abd0fbcd07eb402fe0ae29f72c353b Mon Sep 17 00:00:00 2001
From: Stefan Bethke <stb@lassitu.de>
Date: Tue, 8 Oct 2024 20:28:56 +0200
Subject: [PATCH] Add missing headers to avoid CSRF errors

---
 .../configs/zammad/nginx/zammad.hamburg.ccc.de.conf           | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/playbooks/files/chaosknoten/configs/zammad/nginx/zammad.hamburg.ccc.de.conf b/playbooks/files/chaosknoten/configs/zammad/nginx/zammad.hamburg.ccc.de.conf
index f008634..c1f9182 100644
--- a/playbooks/files/chaosknoten/configs/zammad/nginx/zammad.hamburg.ccc.de.conf
+++ b/playbooks/files/chaosknoten/configs/zammad/nginx/zammad.hamburg.ccc.de.conf
@@ -35,6 +35,10 @@ server {
     # is transparent).
     # Also provide "_hidden" for by, since it's not relevant.
     proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden";
+    proxy_read_timeout 86400;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header CLIENT_IP $remote_addr;
 
     location ~/(ticket/zoom/.*) {
         return 302 https://zammad.hamburg.ccc.de/#$1;