diff --git a/api/gloo/enterprise.gloo/v1/auth_config.proto b/api/gloo/enterprise.gloo/v1/auth_config.proto
index 89719fbbc..9367b897e 100644
--- a/api/gloo/enterprise.gloo/v1/auth_config.proto
+++ b/api/gloo/enterprise.gloo/v1/auth_config.proto
@@ -465,8 +465,12 @@ message UserSession {
// Cookies are not sent on normal cross-site subrequests, but are sent when
// navigating to the origin site.
LaxMode = 1;
- // Only be sent in a first-party context and not be sent along with requests
- // initiated by third party websites.
+ // Cookies are sent only in first-party contexts and are not sent along with requests
+ // initiated by third-party websites.
+ //
+ // **Warning**: Do not use this mode if the app and the IdP have different domains.
+ // In this case, some browsers incorrectly detect the redirect from `/callback` to `/login`
+ // as a cross-site request.
StrictMode = 2;
// Cookies are sent in all contexts. Cookie NotSecure must be unset.
NoneMode = 3;
@@ -1060,6 +1064,8 @@ message ApiKeyAuth {
oneof storage_backend {
K8sSecretApiKeyStorage k8s_secret_apikey_storage = 6;
+ // Deprecated: Support for Aerospike is deprecated and will be removed in a future release.
+ // Use of this feature is not recommended.
AerospikeApiKeyStorage aerospike_apikey_storage = 7;
}
@@ -1101,6 +1107,8 @@ message K8sSecretApiKeyStorage {
repeated core.solo.io.ResourceRef api_key_secret_refs = 2;
}
+// Deprecated: Support for Aerospike is deprecated and will be removed in a future release.
+// Use of this feature is not recommended.
message AerospikeApiKeyStorage {
// The IP address or hostname of one of the cluster members of your Aerospike database. The address must be reachable from Gloo Gateway, such as in a virtual machine with a public IP address or in a pod in the cluster.
// The client automatically discovers other members of the cluster after establishing a connection.
diff --git a/pkg/api/enterprise.gloo.solo.io/v1/auth_config.pb.go b/pkg/api/enterprise.gloo.solo.io/v1/auth_config.pb.go
index 4f3e2569e..c5b08f8ab 100644
--- a/pkg/api/enterprise.gloo.solo.io/v1/auth_config.pb.go
+++ b/pkg/api/enterprise.gloo.solo.io/v1/auth_config.pb.go
@@ -136,8 +136,12 @@ const (
// Cookies are not sent on normal cross-site subrequests, but are sent when
// navigating to the origin site.
UserSession_CookieOptions_LaxMode UserSession_CookieOptions_SameSite = 1
- // Only be sent in a first-party context and not be sent along with requests
- // initiated by third party websites.
+ // Cookies are sent only in first-party contexts and are not sent along with requests
+ // initiated by third-party websites.
+ //
+ // **Warning**: Do not use this mode if the app and the IdP have different domains.
+ // In this case, some browsers incorrectly detect the redirect from `/callback` to `/login`
+ // as a cross-site request.
UserSession_CookieOptions_StrictMode UserSession_CookieOptions_SameSite = 2
// Cookies are sent in all contexts. Cookie NotSecure must be unset.
UserSession_CookieOptions_NoneMode UserSession_CookieOptions_SameSite = 3
@@ -3338,6 +3342,8 @@ type ApiKeyAuth_K8SSecretApikeyStorage struct {
}
type ApiKeyAuth_AerospikeApikeyStorage struct {
+ // Deprecated: Support for Aerospike is deprecated and will be removed in a future release.
+ // Use of this feature is not recommended.
AerospikeApikeyStorage *AerospikeApiKeyStorage `protobuf:"bytes,7,opt,name=aerospike_apikey_storage,json=aerospikeApikeyStorage,proto3,oneof"`
}
@@ -3404,6 +3410,8 @@ func (x *K8SSecretApiKeyStorage) GetApiKeySecretRefs() []*core.ResourceRef {
return nil
}
+// Deprecated: Support for Aerospike is deprecated and will be removed in a future release.
+// Use of this feature is not recommended.
type AerospikeApiKeyStorage struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache