From 101e2e8ba19cdfd875419bed0661584758a40ae9 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 24 Jul 2023 17:05:52 -0400
Subject: [PATCH] do not redirect to API URLs when not logged in

---
 salt/nginx/etc/nginx.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 925583ff3..bdcbdeacc 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -296,7 +296,9 @@ http {
 		error_page 429 = @error429;
 
 		location @error401 {
-			add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+			if ($request_uri ~* ^/(?!(^/api/.*))) {
+				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+			}
 			return        302 /auth/self-service/login/browser;
 		}