Pgadmin in docker container behind cloudflare tunnel

Question

I'm experiencing issues with my pgAdmin4 instance running in a Docker container, and I'm seeking assistance to resolve these. Here are the details:

setup

• Docker Compose for pgAdmin4, exposing pgAdmin on port 6578.
• I'm using Cloudflare for SSL/TLS, so there's no direct SSL configuration in the Docker Compose file.
• cloudflare tunnels for access
• Relevant section of my docker-compose.yml:

version: '3.8'

services:
  pgadmin4:
    image: dpage/pgadmin4
    ports:
      - "6578:80"
    volumes:
      - ./pgadmin:/var/lib/pgadmin
      - ./servers.json:/pgadmin4/servers.json
    environment:
      PGADMIN_DEFAULT_EMAIL: [email protected]
      PGADMIN_DEFAULT_PASSWORD: supersecret
    restart: unless-stopped

issues

1. Receiving 400 Bad Request errors when making XHR requests to https://pgadmin.example.com/preferences/get_all and https://pgadmin.example.com/misc/bgprocess/.

2. Console warnings about cookies misusing the “SameSite“ attribute.

3. JavaScript errors in the browser console, indicating potential issues with the web application scripts or session management.

logs

2023-12-21 07:51:29,274: ERROR  pgadmin:    400 Bad Request: The CSRF token is invalid.

Traceback (most recent call last):

  File "/venv/lib/python3.11/site-packages/flask_wtf/csrf.py", line 108, in validate_csrf

    token = s.loads(data, max_age=time_limit)

            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File "/venv/lib/python3.11/site-packages/itsdangerous/timed.py", line 226, in loads

    raise _t.cast(BadSignature, last_exception)

  File "/venv/lib/python3.11/site-packages/itsdangerous/timed.py", line 210, in loads

    base64d, timestamp = signer.unsign(

                         ^^^^^^^^^^^^^^

  File "/venv/lib/python3.11/site-packages/itsdangerous/timed.py", line 136, in unsign

    raise BadTimeSignature(str(sig_error), payload=value, date_signed=ts_dt)

itsdangerous.exc.BadTimeSignature: Signature b'sv8QK5UpE6hBXe20Q1--LaV-lZg' does not match

The above exception was the direct cause of the following exception:

Traceback (most recent call last):

  File "/venv/lib/python3.11/site-packages/flask_wtf/csrf.py", line 261, in protect

attempts

• turned off cloudflare proxy
• turned on features in tunnels
  • no TLS verify
  • no happy eyeballs
• Checked Docker logs for any obvious issues but didn't find anything conclusive.
• Inspected network activity via the browser's developer tools.
• Ensured that pgAdmin and Docker are up to date.

Questions

1. What could be causing the 400 Bad Request errors in this setup, and how can I resolve them?
2. Are the JavaScript errors related to the Docker configuration or something within pgAdmin itself? 3- How should I correctly handle the “SameSite“ cookie attribute in this context?

Any guidance or suggestions would be greatly appreciated. Thank you!