X-Forwarded-Port header not respected in reverse proxy setup with HTTPS on non-standard port #546
Description
Description:
When running Odoo behind a reverse proxy (NGINX) with HTTPS served on a non-standard port (e.g. 8443), Odoo fails to include the correct port in generated redirect URIs — even when all relevant proxy headers are forwarded and proxy_mode = True is set.
Despite correctly forwarding headers such as X-Forwarded-Proto, X-Forwarded-Host, and crucially X-Forwarded-Port, Odoo omits the port in its redirect URLs. This leads to incorrect behavior with services like Azure AD, where an exact match is required between the registered and the actual redirect URI.
How I discovered this:
While integrating Azure AD for OAuth authentication, I noticed Azure was rejecting the redirect with a mismatch error. After inspecting traffic and headers, I found that Odoo is correctly using https, but is omitting the port from the redirect — defaulting to 443 even though NGINX is serving it on 8443.
Expected behavior:
Odoo should include the value from the X-Forwarded-Port header in all URL constructions (including redirect URIs) when operating in proxy mode. This is crucial in non-standard HTTPS port setups.
Suggested fix (conceptually):
Ensure that X-Forwarded-Port is interpreted and used wherever Odoo generates URLs, particularly in OAuth flows. The current implementation seems to disregard this header entirely, which breaks compatibility in reverse proxy environments using non-standard ports.