Description
At the moment, Gitea users must set ROOT_URL correctly in app.ini, otherwise many URLs on the web UI will be wrong, which makes the web UI doesn't work properly (CSRF tokens and cookies can not work across domains)
The ROOT_URL must be set to the full URL which the users visit, with correct scheme(eg: https://the-gitea-domain/) and correct sub path if it is used (eg: https://the-gitea-domain/my-gitea-path/).
New code should always use relative URLs for Web UI.
Many maintainers have answered the issues about incorrect ROOT_URL again and again.
Using HTMLURL(and other absolute URLs) in templates is the root case that Gitea can only serve web under ROOT_URL.
That's why we have to force users to set ROOT_URL correctly.
If all URLs in template can be refactored to use Relative URL correctly, then we do not need to force users set ROOT_URL correctly again and again.
The ROOT_URL is still needed because for example, some webhooks need the absolute URL for external systems, and Gitea should show absolute URL on the UI for clone link, etc.
Related:
- Wrong redirection after add time to issue #14254
- url error when using nginx reverse proxy mode #17912
- Preview of Markdown not working, getting 403 #17843
- Dissimilar URLs #19340
- URL of any link in section "Repository" includes port 3030 #19963
- Multiple ROOT_URL syntax/possible? #6397 (5 up-votes!)
- Multidomain support #8697 (19 up-votes!)
- Manifest: property 'start_url' ignored, should be same origin as document. #20091
- Repo links on dashboard wrong when using a proxy frontend #20450
Some more related:
- Cannot get passed initial configuration #20436 , after installation, Gitea may redirect user to an incorrect location.
- During new instance setup make 'Gitea Base URL' filled from
window.location.origin#20089 , it may resolve the incorrect redirection problem during installation.
The PR to detect the problem: