From eba91c6b2b2b0e97b1a062f9662eb35f9e4bcfa2 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 20 Oct 2021 18:26:22 +0200 Subject: [PATCH] root: add cookie domain setting Signed-off-by: Jens Langhammer --- authentik/lib/default.yml | 1 + authentik/root/settings.py | 1 + website/docs/installation/configuration.md | 7 +++++++ 3 files changed, 9 insertions(+) diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index e74e8f766..4390443dd 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -56,6 +56,7 @@ outposts: # %(build_hash)s: Build hash if you're running a beta version container_image_base: env://AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE?goauthentik.io/%(type)s:%(version)s +cookie_domain: null disable_update_check: false avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar geoip: "./GeoLite2-City.mmdb" diff --git a/authentik/root/settings.py b/authentik/root/settings.py index c879b3590..c8ea994b2 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -72,6 +72,7 @@ _cookie_suffix = "_debug" if DEBUG else "" CSRF_COOKIE_NAME = "authentik_csrf" LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}" SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}" +SESSION_COOKIE_DOMAIN = CONFIG.y("cookie_domain", None) AUTHENTICATION_BACKENDS = [ "django.contrib.auth.backends.ModelBackend", diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md index d4581de4e..3803b5a05 100644 --- a/website/docs/installation/configuration.md +++ b/website/docs/installation/configuration.md @@ -62,6 +62,13 @@ Secret key used for cookie signing and unique user IDs, don't change this after Log level for the server and worker containers. Possible values: debug, info, warning, error Defaults to `info`. +### AUTHENTIK_COOKIE_DOMAIN + +Which domain the session cookie should be set to. By default, the cookie is set to the domain authentik is accessed under. + +### AUTHENTIK_DISABLE_UPDATE_CHECK + +Disable the inbuilt update-checker. Defaults to `false`. ### AUTHENTIK_ERROR_REPORTING