using dashes instead of underscores in header names to avoid the fact that nginx by default drops all headers with underscore in the header name

src/public/javascripts/services/server.js

@@ -12,9 +12,10 @@ function getHeaders() {
 
     // headers need to be lowercase because node.js automatically converts them to lower case
     // so hypothetical protectedSessionId becomes protectedsessionid on the backend
+    // also avoiding using underscores instead of dashes since nginx filters them out by default
     return {
-        protected_session_id: protectedSessionId,
-        source_id: glob.sourceId
+        'trilium-protected-session-id': protectedSessionId,
+        'trilium-source-id': glob.sourceId
     };
 }
 

src/routes/routes.js

@@ -66,7 +66,7 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio
     router[method](path, ...middleware, async (req, res, next) => {
         try {
             const result = await cls.init(async () => {
-                cls.namespace.set('sourceId', req.headers.source_id);
+                cls.namespace.set('sourceId', req.headers['trilium-source-id']);
                 protectedSessionService.setProtectedSessionId(req);
 
                 if (transactional) {

src/services/protected_session.js

@@ -15,7 +15,7 @@ function setDataKey(decryptedDataKey) {
 }
 
 function setProtectedSessionId(req) {
-    cls.namespace.set('protectedSessionId', req.headers.protected_session_id);
+    cls.namespace.set('protectedSessionId', req.headers['trilium-protected-session-id']);
 }
 
 function getProtectedSessionId() {