Enforce a Strict SameSite policy on SALT API

JBWatenbergScality · JBWatenbergScality · commit 807392b8209f · 2025-10-27T15:57:30.000+01:00
diff --git a/salt/metalk8s/addons/ui/deployed/ingress.sls b/salt/metalk8s/addons/ui/deployed/ingress.sls
@@ -31,7 +31,7 @@ metadata:
     # Add strict SameSite policy for Salt API
     nginx.ingress.kubernetes.io/configuration-snippet: |
       if ($proxy_host = "salt-api") {
-        proxy_cookie_path / "/; SameSite=Strict; HttpOnly; Secure";
+        proxy_cookie_flags ~ SameSite=Strict Secure HttpOnly;
       }
 spec:
   ingressClassName: "nginx-control-plane"

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ metadata:`
`31`	`31`	`# Add strict SameSite policy for Salt API`
`32`	`32`	`nginx.ingress.kubernetes.io/configuration-snippet: \|`
`33`	`33`	`if ($proxy_host = "salt-api") {`
`34`		`- proxy_cookie_path / "/; SameSite=Strict; HttpOnly; Secure";`
	`34`	`+ proxy_cookie_flags ~ SameSite=Strict Secure HttpOnly;`
`35`	`35`	`}`
`36`	`36`	`spec:`
`37`	`37`	`ingressClassName: "nginx-control-plane"`