diff --git a/chart/templates/config.yaml b/chart/templates/config.yaml
index 6b94f22..aff008d 100644
--- a/chart/templates/config.yaml
+++ b/chart/templates/config.yaml
@@ -4,7 +4,7 @@ metadata:
 name: {{ include "webapp.name" . }}-config
 namespace: {{ .Release.Namespace }}
 data:
- OAUTH_ALLOWED_HTTP2_AUTHORITY: webapp.arcodange.duckdns.org
+ OAUTH_ALLOWED_HOST: webapp.arcodange.duckdns.org
 OAUTH_DEVICE_CODE_ALLOWED_IPS: 90.16.102.250,
 DATABASE_URL: postgres://pgbouncer_auth:pgbouncer_auth@pgbouncer.tools/postgres?sslmode=disable
 # DATABASE_URL: postgres://username:password@localhost/dbname?sslmode=disable
\ No newline at end of file
diff --git a/main.go b/main.go
index d0b100a..fbeec1a 100644
--- a/main.go
+++ b/main.go
@@ -21,7 +21,7 @@ import (
 var (
 db *sql.DB // Global database connection
 c = cache.New(5*time.Minute, 10*time.Minute)
- oauthAllowedHttp2Authority = os.Getenv("OAUTH_ALLOWED_HTTP2_AUTHORITY") // URL authorized for device code
+ oauthAllowedHost = os.Getenv("OAUTH_ALLOWED_HOST") // URL authorized for device code
 oauthDeviceCodeAllowedIPs = strings.Split(os.Getenv("OAUTH_DEVICE_CODE_ALLOWED_IPS"), ",") // IPS autorisées pour /retrieve
 )
@@ -150,12 +150,12 @@ func oauth2_callback(w http.ResponseWriter, r *http.Request) {
 // Vérifier le référent (ou origine)
- authorityHeader := r.Header.Get(":authority")
- if oauthAllowedHttp2Authority != "" && authorityHeader != oauthAllowedHttp2Authority {
- fmt.Println(":authority: "+authorityHeader)
- fmt.Println("received headers")
+ hostHeader := strings.Trim(r.Header.Get("X-Forwarded-Host"), "[]")
+ if oauthAllowedHost != "" && hostHeader != oauthAllowedHost {
+ fmt.Fprintln(os.Stderr, "X-Forwarded-Host: "+hostHeader)
+ fmt.Fprintln(os.Stderr, "received headers")
 for key, value := range r.Header {
- fmt.Printf("%s='%s'\n", key, value)
+ fmt.Fprintf(os.Stderr, "%s='%s'\n", key, value)
 }
 http.Error(w, "Access denied: invalid referer or origin", http.StatusForbidden)
 return
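Review bot: `X-Forwarded-Host`, which the new host gate in `oauth2_callback` compares with `oauthAllowedHost`, is supplied by the client unless a reverse proxy in front of the service overwrites it, and this diff does not show one doing so. If the pod can be reached without passing through that proxy the check proves nothing, so state the assumption next to it, e.g. `// X-Forwarded-Host is trusted only because the ingress overwrites it; this service must not be exposed directly`. `Header.Get` already returns the bare value, so `strings.Trim(..., "[]")` looks like a leftover from reading the `%s` dump of a `[]string` and can probably go. The denial path still prints every request header to stderr, which would put `Cookie` and `Authorization` values into the logs; logging only the rejected value, `fmt.Fprintf(os.Stderr, "oauth2_callback: rejected X-Forwarded-Host %q\n", hostHeader)`, keeps the diagnostic without the secrets. The function body continues outside the hunk.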