do not allow auth redirection to login page or home page; that serves no purpose

2026-02-26 08:55:41 +01:00 · 2026-02-25 17:58:35 -05:00
1 changed files with 6 additions and 2 deletions
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -383,12 +383,16 @@ http {

 		location @error401 {
 			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
-				return	  401;
+				return    401;
 			}
+
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
-				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 				add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			}
+
+			if ($request_uri ~* ^/(?!(api/|login|auth|oauth2|$))) {
+				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+			}
 			return        302 /auth/self-service/login/browser;
 		}