From 150213cbb3ca6a8f5f7b8e5f1b60e0b245fac125 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6gler?= <ck3d@gmx.de>
Date: Sun, 7 Feb 2021 19:18:29 +0100
Subject: [PATCH] Fix login if Hydra runs behind HTTP proxy with sub-path
 location

---
 src/lib/Hydra/Controller/Root.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/Hydra/Controller/Root.pm b/src/lib/Hydra/Controller/Root.pm
index 66aba9e5..24fddbf2 100644
--- a/src/lib/Hydra/Controller/Root.pm
+++ b/src/lib/Hydra/Controller/Root.pm
@@ -76,8 +76,8 @@ sub begin :Private {
 
     # XSRF protection: require POST requests to have the same origin.
     if ($c->req->method eq "POST" && $c->req->path ne "api/push-github") {
-        my $referer = $c->req->header('Origin');
-        $referer //= $c->req->header('Referer');
+        my $referer = $c->req->header('Referer');
+        $referer //= $c->req->header('Origin');
         my $base = $c->req->base;
         die unless $base =~ /\/$/;
         $referer .= "/";