version: d0b3f199bb711d11c97557fa18caf7da15bc302a
When configuring phabricator behind a reverse Proxy with a different URL to the host, I get CSRF error on every post.
External url: phab.domain.com
internal url phabricator.int.domain.com
Set "phab.domain.com" to base-uri. but I don't get any session cookies.
Looking through AphrontRequest.php::getCookieDomainURI() It can never set cookie to match the base-uri, only ever the host.
(if base-uri not set then use host) else go through allowed-uri until you find the host and set that otherwise set null
so base-uri never used in cookie domain so reverse proxy (unless it is same domain or a subdomain of the host) doens't work.