Making HTTP requests to a Rails app behind Apache2

Uploaded on July 14, 2023

I’ve been working on a Rails site for the first time and in deploying it I’ve been learning a lot about what goes on under the hood in Rails. For all requests that aren’t GET, I was getting this error:

HTTP Origin header ( didn't match request.base_url (

I didn’t understand where this was coming from at first – all of my GET requests were working behind my ProxyPass and ProxyPassReverse rules – why wasn’t this one?

Well to start – Rails has CSRF protection on all non-GET requests. So that’s why the GET requests didn’t care – it wasn’t checking the request.base_url on get requests.

Next, I found this StackOverflow post about bypassing this problem using nginx. After trying usuccesfully to get ChatGPT to turn these nginx rules into Apache2 rules, I searched again and found this great gist with the rules that Apache needs to proxy through Apache2 to my rails instance. I added the rules to my sites-available/gasfried.conf and sites-available/gasfried-le-ssl.conf (created from Let’s Encrypt) and it worked like a charm!