From 7a1f3bfc3f827876feba669e2f0b6c034c51eef8 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sun, 14 Dec 2025 22:25:46 -0300
Subject: [PATCH] gitea: add proxy/session headers for OIDC

---
 services/gitea/deployment.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/services/gitea/deployment.yaml b/services/gitea/deployment.yaml
index 66670a9..4fd47c2 100644
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@@ -131,6 +131,14 @@ spec:
               value: "trace"
             - name: GITEA__service__REQUIRE_SIGNIN_VIEW
               value: "false"
+            - name: GITEA__server__PROXY_HEADERS
+              value: "X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host"
+            - name: GITEA__session__COOKIE_SECURE
+              value: "true"
+            - name: GITEA__session__DOMAIN
+              value: "scm.bstein.dev"
+            - name: GITEA__session__SAME_SITE
+              value: "lax"
             - name: GITEA__security__SECRET_KEY
               valueFrom:
                 secretKeyRef: