From 9595ebca62ca21ee033b2e1ce7c0d215eef48171 Mon Sep 17 00:00:00 2001
From: trivernis <trivernis@protonmail.com>
Date: Mon, 9 Oct 2023 17:21:12 +0200
Subject: [PATCH] Fix security headers not being allowed cross-namespace

---
 apps/searxng/app/route.yaml                   | 6 +++---
 apps/traefik/app/security-headers.yaml        | 2 +-
 apps/traefik/app/strict-security-headers.yaml | 2 +-
 apps/traefik/app/traefik-config.yaml          | 1 +
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/apps/searxng/app/route.yaml b/apps/searxng/app/route.yaml
index 60798a4..870dbad 100644
--- a/apps/searxng/app/route.yaml
+++ b/apps/searxng/app/route.yaml
@@ -9,9 +9,9 @@ spec:
   routes:
   - match: Host(`search.trivernis.dev`) || Host(`search.trivernis.net`)
     kind: Rule
-    middlewares:
-      - name: strict-security-headers
-        namespace: default
     services:
     - name: searxng-srv
       port: 8080
+    middlewares:
+      - name: strict-security-headers
+        namespace: default
diff --git a/apps/traefik/app/security-headers.yaml b/apps/traefik/app/security-headers.yaml
index d6dbd48..35bd4fb 100644
--- a/apps/traefik/app/security-headers.yaml
+++ b/apps/traefik/app/security-headers.yaml
@@ -14,4 +14,4 @@ spec:
     customResponseHeaders:
       X-Robots-Tag: noindex,nofollow
       X-Download-Options: noopen
-      X-Powered-By: coffee X-Powered-By
\ No newline at end of file
+      X-Powered-By: coffee
\ No newline at end of file
diff --git a/apps/traefik/app/strict-security-headers.yaml b/apps/traefik/app/strict-security-headers.yaml
index fbd682c..740f8e8 100644
--- a/apps/traefik/app/strict-security-headers.yaml
+++ b/apps/traefik/app/strict-security-headers.yaml
@@ -15,4 +15,4 @@ spec:
       X-Robots-Tag: noindex,nofollow
       X-Download-Options: noopen
       X-Permitted-Cross-Domain-Policies: none
-      X-Powered-By: coffee X-Powered-By
\ No newline at end of file
+      X-Powered-By: coffee
\ No newline at end of file
diff --git a/apps/traefik/app/traefik-config.yaml b/apps/traefik/app/traefik-config.yaml
index 6242d6a..713cec8 100644
--- a/apps/traefik/app/traefik-config.yaml
+++ b/apps/traefik/app/traefik-config.yaml
@@ -8,6 +8,7 @@ spec:
     additionalArguments:
       - "--entryPoints.web.proxyProtocol.trustedIPs=10.0.0.254"
       - "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.254"
+      - "--providers.kubernetescrd.allowCrossNamespace=true"
     ports:
       web:
         exposedPort: 8000