From b85312c4331013cbaf49cb452be91702869bc5b8 Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Thu, 12 Feb 2026 17:10:44 +0100
Subject: [PATCH] fix(infra): full KLZ parity for gatekeeper (dynamic COOKIE_DOMAIN + X-Forwarded-Host)
---
 .gitea/workflows/deploy.yml | 3 ++-
 docker-compose.yaml | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index c89171c..351e86b 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -275,8 +275,9 @@ jobs:
 AUTH_MIDDLEWARE="${PROJECT_NAME}-forward,${PROJECT_NAME}-auth,compress"
 COMPOSE_PROFILES="gatekeeper"
 fi
-
+
 # Gatekeeper Origin
+ COOKIE_DOMAIN=.$(echo $NEXT_PUBLIC_BASE_URL | sed 's|https://||')
 GATEKEEPER_ORIGIN="$NEXT_PUBLIC_BASE_URL/gatekeeper"
 # Generate Environment File
diff --git a/docker-compose.yaml b/docker-compose.yaml
index ab52b0b..8e7b297 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -31,7 +31,7 @@ services:
 - "traefik.http.middlewares.${PROJECT_NAME}-auth.forwardauth.address=http://${PROJECT_NAME}-gatekeeper:3000/gatekeeper/api/verify"
 - "traefik.http.middlewares.${PROJECT_NAME}-auth.forwardauth.trustForwardHeader=true"
- - "traefik.http.middlewares.${PROJECT_NAME}-auth.forwardauth.authRequestHeaders=Host,X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-For,Cookie"
+ - "traefik.http.middlewares.${PROJECT_NAME}-auth.forwardauth.authRequestHeaders=X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-For,Cookie"
 - "traefik.http.middlewares.${PROJECT_NAME}-auth.forwardauth.authResponseHeaders=X-Auth-User"
 healthcheck:
 test: [ "CMD", "node", "-e", "fetch('http://127.0.0.1:3000/api/health').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" ]
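Review bot: The added `COOKIE_DOMAIN` line strips only a literal `https://`, so a base URL with an `http://` scheme, a port, a path or a trailing slash yields a value that is not a valid cookie domain, and the unquoted `$NEXT_PUBLIC_BASE_URL` is open to word splitting and globbing in the shell. Anchoring and quoting would make the derivation robust: `COOKIE_DOMAIN=".$(printf '%s' "$NEXT_PUBLIC_BASE_URL" | sed -E 's|^https?://||; s|[:/].*$||')"`. The leading dot also scopes the session cookie to every subdomain of the deployment host; if the gatekeeper only protects that one host, a host-only cookie (no Domain attribute) is the tighter default, which is worth confirming against how the gatekeeper consumes the variable. The run script continues outside the hunk, so whether the value reaches the generated environment file is not visible here.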
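Review bot: Dropping `Host` from `authRequestHeaders` while `forwardauth.trustForwardHeader=true` stays set means the gatekeeper's host-dependent decisions presumably rest on `X-Forwarded-Host` alone, and that header is only as trustworthy as the hop that writes it. Nothing in this hunk shows that the Traefik entrypoint limits which peers may supply `X-Forwarded-*`, so the assumption should be recorded next to the label, e.g. `# X-Forwarded-* is trusted here; the entrypoint must accept it only from the edge proxy (forwardedHeaders.trustedIPs)`. On the gatekeeper side, comparing the forwarded host with the configured base-URL host before using it for cookie or redirect decisions would keep an unexpected value from being honoured. The labels list starts and ends outside the hunk.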