Working on: The Twitch authentication

main.py

@@ -65,13 +65,13 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(lifespan=lifespan)
 
-# Add middleware to trust proxy headers (X-Forwarded-For, X-Forwarded-Proto)
-# This is crucial for running behind a reverse proxy like Nginx or Caddy.
-app.add_middleware(ProxyHeadersMiddleware, trusted_hosts="*")
-
 # Add session middleware. A secret key is required for signing the session cookie.
 # We can reuse our encryption key for this, but in production you might want a separate key.
+# Note: Middleware is applied in reverse order (last added is first executed).
+# We want ProxyHeaders to run FIRST (outermost) to fix the scheme/host, 
+# then SessionMiddleware to run SECOND (inner) so it sees the correct scheme.
 app.add_middleware(SessionMiddleware, secret_key=settings.ENCRYPTION_KEY)
+app.add_middleware(ProxyHeadersMiddleware, trusted_hosts="*")
 
 # Mount the 'static' directory using an absolute path for reliability
 # This MUST be done before the routes that depend on it are defined.