Merge branch 'w/131.0/feature/enhance-salt-api-security-with-strict-samesite-policy' into tmp/octopus/w/132.0/feature/enhance-salt-api-security-with-strict-samesite-policy

bert-e · bert-e · commit 517167824aeb · 2025-10-27T16:28:01.000Z
diff --git a/salt/metalk8s/addons/ui/deployed/ingress.sls b/salt/metalk8s/addons/ui/deployed/ingress.sls
@@ -30,9 +30,7 @@ metadata:
     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
     # Add strict SameSite policy for Salt API
     nginx.ingress.kubernetes.io/configuration-snippet: |
-      if ($proxy_host = "salt-api") {
-        proxy_cookie_flags ~ SameSite=Strict Secure HttpOnly;
-      }
+      add_header Set-Cookie "session_id=$cookie_session_id; SameSite=Strict; Secure; HttpOnly; Path=/";
 spec:
   ingressClassName: "nginx-control-plane"
   rules:
