{"ok":true,"requestUrl":"https://sysadmins.net/health/auth","requestOrigin":"https://sysadmins.net","browserOriginHeader":null,"hostHeader":"sysadmins.net","configuredOrigin":"https://sysadmins.net","cookieSecure":true,"nodeEnv":"production","instanceHostname":"e0f27b5d0708","requirePublicOrigin":true,"usingDevDefaults":false,"originEnvMismatch":false,"deployWarning":"PROTOCOL_HEADER and HOST_HEADER are not set in the container — add them to .env.production and run ./scripts/prod-up.sh --recreate. Also configure nginx to send X-Forwarded-Proto and X-Forwarded-Host.","proxyEnv":{"protocolHeader":null,"hostHeader":null,"portHeader":null},"forwarded":{"proto":null,"host":null,"port":null},"hints":["Browser Origin (on POST /login) must match requestOrigin above.","If behind nginx/Caddy: set PROTOCOL_HEADER=x-forwarded-proto and HOST_HEADER=x-forwarded-host in .env.production.","If users open https://sysadmins.net (no :3000), do not use ORIGIN with :3000.","If login succeeds then bounces back: check Set-Cookie in browser devtools (COOKIE_SECURE requires https)."]}