unexpected behavior - adding CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] to seahub_settings.py

[popbangshwang]

I have some unexpected behavior when adding CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] to seahub_settings.py
I am adding this, based on this - #2707
I'm running traefik

After modifying seahub_settings.py I'm then able to access seafile through the proxy, however the top right menu for 'settings' etc is missing (labeled 'avatar' in the image below). However, if I bypass the proxy (with CSRF_TRUSTED_ORIGINS = ["https://seafile.example.com"] defined) - The menu is available.

Impact: Unable to logout, unable to perform admin tasks, unable manage user settings

Bypass proxy -:

Using proxy -:

This is my docker-compose.yml

services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=secretpassword  # Required, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /opt/seafile/seafile-mysql/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - seafile-net
#      - traefik
  memcached:
    image: memcached:1.6.18
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
#      - traefik
  seafile:
    image: seafileltd/seafile-mc:11.0-latest
    container_name: seafile
    ports:
      - "8081:80"
#     - "443:443"  # If https is enabled, cancel the comment.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.seafile.rule=Host(`seafile.mydomain.xyz`)" # && (PathPrefix(`/login`))"
      - "traefik.http.routers.seafile.tls=true"
      - "traefik.http.routers.seafile.entrypoints=websecure"
      - "traefik.http.routers.seafile.tls.certresolver=myresolver"
      - "traefik.http.services.seafile.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik"
    volumes:
      - /tragopan-share/seafile:/shared   # Required, specifies the path to Seafile data persistent store.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=secretpassword  # Required, the value should be root's password of MySQL service.
      - TIME_ZONE=Etc/UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - [email protected] # Specifies Seafile admin user, default is '[email protected]'.
      - SEAFILE_ADMIN_PASSWORD=secretpassword     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=turkey.local # Specifies your host name if https is enabled.
    depends_on:
      - db
      - memcached
    networks:
      - traefik
      - seafile-net

networks:
  seafile-net:
  traefik:
    external: true