From d4ed34d0ea7041b0bd87a1a16261fc470022b5d1 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 11 Nov 2024 11:56:19 -0500
Subject: [PATCH] connect

---
 salt/nginx/etc/nginx.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 9eda44e73..09c40624e 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -235,7 +235,7 @@ http {
 
 		location /connect/ {
 			if ($http_authorization !~ "Bearer .*") {
-				return 403;
+				return 401;
 			}
 			rewrite               /connect/(.*) /api/$1 break;
 			proxy_pass            http://{{ GLOBALS.manager }}:9822/;
@@ -360,6 +360,9 @@ http {
 		error_page 429 = @error429;
 
 		location @error401 {
+			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
+				return	  401;
+			}
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
 				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 			}
@@ -367,6 +370,9 @@ http {
 		}
 
 		location @error403 {
+			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
+				return	  403;
+			}
 			add_header    Set-Cookie "ory_kratos_session=;Path=/;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;";
 			return        302 /auth/self-service/login/browser;
 		}