From 96eadef5f5858fe7ca5603944b79bc8c5c7d651a Mon Sep 17 00:00:00 2001
From: Brutus5000 <Brutus5000@gmx.net>
Date: Mon, 4 May 2026 23:01:28 +0200
Subject: [PATCH 1/2] Allow CORS login from localhost

---
 apps/faf-user-service/templates/ingress.yaml | 26 ++++++++++++++++++++
 apps/faf-user-service/values-test.yaml       |  5 ++++
 apps/faf-user-service/values.yaml            |  3 +++
 apps/ory-hydra/templates/ingress.yaml        | 25 +++++++++++++++++++
 apps/ory-hydra/values-test.yaml              |  5 ++++
 apps/ory-hydra/values.yaml                   |  3 +++
 6 files changed, 67 insertions(+)
 create mode 100644 apps/faf-user-service/values-test.yaml
 create mode 100644 apps/ory-hydra/values-test.yaml

diff --git a/apps/faf-user-service/templates/ingress.yaml b/apps/faf-user-service/templates/ingress.yaml
index eb6236b5..343015bc 100644
--- a/apps/faf-user-service/templates/ingress.yaml
+++ b/apps/faf-user-service/templates/ingress.yaml
@@ -1,3 +1,25 @@
+{{- if .Values.cors.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: faf-user-service-cors
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "POST"
+      - "OPTIONS"
+    accessControlAllowHeaders:
+      - "Content-Type"
+      - "Authorization"
+      - "X-HMAC"
+    accessControlAllowOriginListRegex:
+      {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }}
+    accessControlAllowCredentials: true
+    accessControlMaxAge: 600
+    addVaryHeader: true
+---
+{{- end }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -11,3 +33,7 @@ spec:
       services:
         - name: faf-user-service
           port: 8080
+      {{- if .Values.cors.enabled }}
+      middlewares:
+        - name: faf-user-service-cors
+      {{- end }}
diff --git a/apps/faf-user-service/values-test.yaml b/apps/faf-user-service/values-test.yaml
new file mode 100644
index 00000000..7901fc26
--- /dev/null
+++ b/apps/faf-user-service/values-test.yaml
@@ -0,0 +1,5 @@
+cors:
+  enabled: true
+  allowOriginListRegex:
+    - "^https?://localhost(:[0-9]+)?$"
+    - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$"
diff --git a/apps/faf-user-service/values.yaml b/apps/faf-user-service/values.yaml
index e0d9d50a..851514ec 100644
--- a/apps/faf-user-service/values.yaml
+++ b/apps/faf-user-service/values.yaml
@@ -1,2 +1,5 @@
 infisical-secret:
   name: faf-user-service
+cors:
+  enabled: false
+  allowOriginListRegex: []
diff --git a/apps/ory-hydra/templates/ingress.yaml b/apps/ory-hydra/templates/ingress.yaml
index d0278271..5d87404d 100644
--- a/apps/ory-hydra/templates/ingress.yaml
+++ b/apps/ory-hydra/templates/ingress.yaml
@@ -1,3 +1,24 @@
+{{- if .Values.cors.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: ory-hydra-cors
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "POST"
+      - "OPTIONS"
+    accessControlAllowHeaders:
+      - "Content-Type"
+      - "Authorization"
+      - "X-HMAC"
+    accessControlAllowOriginListRegex:
+      {{- toYaml .Values.cors.allowOriginListRegex | nindent 6 }}
+    accessControlMaxAge: 600
+    addVaryHeader: true
+---
+{{- end }}
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -11,3 +32,7 @@ spec:
       services:
         - name: ory-hydra
           port: 4444
+      {{- if .Values.cors.enabled }}
+      middlewares:
+        - name: ory-hydra-cors
+      {{- end }}
diff --git a/apps/ory-hydra/values-test.yaml b/apps/ory-hydra/values-test.yaml
new file mode 100644
index 00000000..7901fc26
--- /dev/null
+++ b/apps/ory-hydra/values-test.yaml
@@ -0,0 +1,5 @@
+cors:
+  enabled: true
+  allowOriginListRegex:
+    - "^https?://localhost(:[0-9]+)?$"
+    - "^https?://127\\.0\\.0\\.1(:[0-9]+)?$"
diff --git a/apps/ory-hydra/values.yaml b/apps/ory-hydra/values.yaml
index 1a869f04..f619ff65 100644
--- a/apps/ory-hydra/values.yaml
+++ b/apps/ory-hydra/values.yaml
@@ -3,6 +3,9 @@ image:
   tag: "v25.4.0"
 infisical-secret:
   name: ory-hydra
+cors:
+  enabled: false
+  allowOriginListRegex: []
 clients:
   - name: "FAF Client"
     id: "2e8808cf-5889-469b-b2c3-01f0cc58c4af"

From d8136ab2faecd550353f0c18c28690354d65ea44 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 9 May 2026 19:19:51 +0000
Subject: [PATCH 2/2] Update Helm release reloader to v2.2.11

---
 disabled/reloader/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/disabled/reloader/Chart.yaml b/disabled/reloader/Chart.yaml
index 021bb898..0fa57389 100644
--- a/disabled/reloader/Chart.yaml
+++ b/disabled/reloader/Chart.yaml
@@ -3,5 +3,5 @@ name: reloader
 version: 1.0.0
 dependencies:
 - name: reloader
-  version: 2.2.9
+  version: 2.2.11
   repository: https://stakater.github.io/stakater-charts