Strapi behind caddy with basicauth causes reload loop

System Information
  • Strapi Version: 4.14.0
  • Operating System: Manjaro & Debian
  • Database: Postgres 14
  • Node Version: 18 LTS latest
  • NPM Version: 10.1.0

Hey everyone and thank you for your help.

I’ve setup Strapi according to this setup in the documentation behind caddy as a reverse proxy. For my prod instance everything works fine, however having “basicauth” enabled on my staging setup, i cannot access the /admin route. I get CORS Errors and the page is in a reload loop.
I sadly have no clue and i couldn’t find any information for that specific issue in the docs or this forum.
Only thing i could found was this issue.
Has anybody any ideas? Would be amazing cause i’m out of knowledge and i want to use basicauth to allow only certain people access to my staging instance.

All of those error are only present if basicauth is enabled.

EvalError: call to eval() blocked by CSP
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
Source: ;(function r(e,t=!1){const o="6.0";let i…

My middleware config:

module.exports = ({ env }) => [
    name: 'strapi::cors',
    config: {
      headers: '*',
      origin: ['http://localhost:1337', env('ALLOWED_ORIGIN')]

My Caddy config: {
    encode zstd gzip
    reverse_proxy staging_frontend:3000
    route /backend* {
        uri strip_prefix /backend
        reverse_proxy staging_strapi:1337
    header {
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options SAMEORIGIN
        Referrer-Policy no-referrer-when-downgrade
        header_up Host {host}
        header_up Upgrade {http_upgrade}
        header_up Connection {http_upgrade}
    basicauth {
	    username password

I would join open office hours on - Friday 12:30 PM CST Strapi Community or I would open a issue on github.