do not allow auth redirection to login page or home page; that serves no purpose

Jason Ertel
2026-02-25 17:58:35 -05:00
parent 04a757dde0
commit c1c568e94d


@@ -383,12 +383,16 @@ http {
location @error401 {
if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
return 401;
return 401;
}
if ($request_uri ~* ^/(?!(^/api/.*))) {
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
if ($request_uri ~* ^/(?!(api/|login|auth|oauth2|$))) {
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
}
return 302 /auth/self-service/login/browser;
}
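Review bot: The `if` that excludes `api/|login|auth|oauth2|$` still copies `$request_uri` unmodified into the `AUTH_REDIRECT` cookie, so a request URI that starts with `//` or contains `;` passes the lookahead; a `;` ends the cookie value and whatever follows is parsed as a cookie attribute. The code that consumes the cookie after login is not on this page, so it should be confirmed that it accepts only a same-origin path; the lookahead can also refuse a second leading slash, `if ($request_uri ~* ^/(?!(/|api/|login|auth|oauth2|$))) {`. The alternatives `login` and `auth` have no trailing boundary, so any path that merely begins with those letters is skipped as well, and `/` followed by a query string is still stored because `$request_uri` includes the arguments. The cookie carries no `Secure` or `SameSite` attribute; appending `;Secure;SameSite=Lax` to the value would be worth considering if the login flow permits it.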