From 4902acc06d63538d5605df30ce8dfd1cbb9a21c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Sat, 15 Nov 2025 20:44:15 +0100
Subject: [PATCH] test: switch to legacy /api/verify endpoint for automatic
 redirects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Try using the deprecated /api/verify endpoint instead of /api/authz/forward-auth
to see if it returns HTTP 302 redirects that browsers automatically follow
instead of HTTP 401 with Location headers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 net/compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/compose.yaml b/net/compose.yaml
index 946e56f..7073971 100644
--- a/net/compose.yaml
+++ b/net/compose.yaml
@@ -295,7 +295,7 @@ services:
       - 'traefik.http.services.${NET_COMPOSE_PROJECT_NAME}-authelia-web-secure.loadbalancer.server.port=9091'
       - 'traefik.docker.network=${NETWORK_NAME}'
       # ForwardAuth middleware for other services
-      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/authz/forward-auth'
+      - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.address=http://net_authelia:9091/api/verify?rd=https://auth.pivoine.art/'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.trustForwardHeader=true'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authRequestHeaders=X-Forwarded-Method,X-Forwarded-Proto,X-Forwarded-Host,X-Forwarded-Uri,X-Forwarded-For'
       - 'traefik.http.middlewares.${NET_COMPOSE_PROJECT_NAME}-authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'