From 6ec92a19fd384610c326992a3196a081df3e5b9a Mon Sep 17 00:00:00 2001
From: samsepi0l
Date: Thu, 14 Dec 2023 14:51:48 +0100
Subject: [PATCH] Secure cookies

The cookies are not secure by default with heimdall, we can force it through nginx.
---
 heimdall.subdomain.conf.sample | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/heimdall.subdomain.conf.sample b/heimdall.subdomain.conf.sample
index 8e18aa8..71a2d69 100644
--- a/heimdall.subdomain.conf.sample
+++ b/heimdall.subdomain.conf.sample
@@ -35,6 +35,8 @@ server {
 # enable for Authentik (requires authentik-server.conf in the server block)
 #include /config/nginx/authentik-location.conf;
 
+ proxy_cookie_path / "/; Secure; SameSite=strict; HttpOnly";
+
 include /config/nginx/proxy.conf;
 include /config/nginx/resolver.conf;
 set $upstream_app heimdall;
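Review bot: The added `proxy_cookie_path / "/; Secure; SameSite=strict; HttpOnly";` only rewrites Set-Cookie headers whose Path attribute begins with `/`, and it splices the flags in as text after the path instead of setting them as attributes. A cookie sent without a Path therefore gets no flags at all, and one that already carries its own `SameSite` or `HttpOnly` ends up with duplicates; which value wins is then up to the browser (the current cookie spec draft takes the last one, which would be the upstream's if it follows the path). On nginx 1.19.3 or later the dedicated directive expresses the intent directly: `proxy_cookie_flags ~ secure httponly samesite=strict;`. `SameSite=strict` also means the session cookie is not sent on navigation arriving from another site, so `lax` may be the safer default for a sample file, and a short comment above the line saying why it is there would help people who copy it. The `location` block starts and ends outside the hunk, and the included proxy.conf is not shown, so it is worth confirming it does not set cookie rewriting of its own.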