infra/novelapp: drop Authentik forward-auth (auth = "none")
novelapp handles its own user auth via NextAuth + Google OAuth, so the ingress-level Authentik forward-auth was double-gating. Mobile webviews (iOS/Android) can't follow the Authentik 302/cookie dance — they saw HTML challenges where they expected JSON. CrowdSec + rate-limit + anti-AI UA filter remain in front; novelapp's own login handles users. [ci skip]
This commit is contained in:
Viktor Barzin
parent
e1185721ca
commit
533e7b2a50
1 changed files with 6 additions and 2 deletions
|
|
@ -223,8 +223,12 @@ resource "kubernetes_service" "novelapp" {
|
|||
}
|
||||
|
||||
module "ingress" {
|
||||
source = "../../modules/kubernetes/ingress_factory"
|
||||
auth = "required"
|
||||
source = "../../modules/kubernetes/ingress_factory"
|
||||
# auth = "none": novelapp handles its own auth via NextAuth + Google OAuth
|
||||
# (AUTH_URL/AUTH_SECRET/GOOGLE_CLIENT_{ID,SECRET} env vars above). Putting
|
||||
# Authentik forward-auth in front double-gates the app and breaks iOS/Android
|
||||
# webview clients that can't complete the Authentik 302/cookie dance.
|
||||
auth = "none"
|
||||
dns_type = "non-proxied"
|
||||
namespace = kubernetes_namespace.novelapp.metadata[0].name
|
||||
name = "novelapp"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue