agent(openclaw): isolate oauth cookie state

2026-05-21 01:54:24 -03:00 · 2026-05-21 01:54:24 -03:00 · b67120ef79
commit b67120ef79
parent f3a1037dcd
1 changed files with 3 additions and 0 deletions
--- a/services/openclaw/oauth2-proxy-agent.yaml
+++ b/services/openclaw/oauth2-proxy-agent.yaml
@ -97,8 +97,11 @@ spec:
            - --set-xauthrequest=true
            - --pass-access-token=true
            - --set-authorization-header=true
+            - --reverse-proxy=true
+            - --cookie-name=_oauth2_proxy_agent
            - --cookie-secure=true
            - --cookie-samesite=lax
+            - --cookie-csrf-per-request=true
            - --cookie-refresh=20m
            - --cookie-expire=168h
            - --insecure-oidc-allow-unverified-email=true