fix: align local Ory cookie domain rendering

scripts/render_ory_config.sh

@@ -62,6 +62,58 @@ append_unique_url() {
   KRATOS_ALLOWED_RETURN_URLS+=("$candidate")
 }
 
+url_host() {
+  local url="${1:-}"
+  [[ -n "$url" ]] || return 0
+
+  local without_scheme="$url"
+  if [[ "$without_scheme" == *"://"* ]]; then
+    without_scheme="${without_scheme#*://}"
+  fi
+  without_scheme="${without_scheme%%/*}"
+  without_scheme="${without_scheme%%\?*}"
+  without_scheme="${without_scheme%%#*}"
+
+  if [[ "$without_scheme" == \[*\]* ]]; then
+    without_scheme="${without_scheme#[}"
+    without_scheme="${without_scheme%%]*}"
+  elif [[ "$without_scheme" == *:* ]]; then
+    without_scheme="${without_scheme%%:*}"
+  fi
+
+  printf '%s' "$without_scheme"
+}
+
+resolve_kratos_session_cookie_domain() {
+  if [[ -n "${KRATOS_SESSION_COOKIE_DOMAIN:-}" ]]; then
+    export KRATOS_SESSION_COOKIE_DOMAIN
+    return 0
+  fi
+
+  local public_host
+  public_host="$(url_host "${KRATOS_BROWSER_URL:-}")"
+  if [[ -z "$public_host" ]]; then
+    public_host="$(url_host "${KRATOS_UI_URL:-}")"
+  fi
+
+  case "$public_host" in
+    localhost|127.0.0.1|0.0.0.0|*.localhost)
+      KRATOS_SESSION_COOKIE_DOMAIN="localhost"
+      ;;
+    *.hmac.kr|hmac.kr)
+      KRATOS_SESSION_COOKIE_DOMAIN="hmac.kr"
+      ;;
+    "")
+      KRATOS_SESSION_COOKIE_DOMAIN="localhost"
+      ;;
+    *)
+      KRATOS_SESSION_COOKIE_DOMAIN="$public_host"
+      ;;
+  esac
+
+  export KRATOS_SESSION_COOKIE_DOMAIN
+}
+
 build_kratos_allowed_return_urls_yaml() {
   KRATOS_ALLOWED_RETURN_URLS=()
   if [[ -n "${KRATOS_ALLOWED_RETURN_URLS_JSON:-}" ]]; then
@@ -137,6 +189,7 @@ OATHKEEPER_INTROSPECT_CLIENT_SECRET="${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oath
 export KRATOS_DSN HYDRA_DSN KETO_DSN HYDRA_SYSTEM_SECRET
 export OATHKEEPER_INTROSPECT_CLIENT_ID OATHKEEPER_INTROSPECT_CLIENT_SECRET
 
+resolve_kratos_session_cookie_domain
 build_kratos_allowed_return_urls_yaml
 
 mkdir -p "$OUTPUT_DIR/kratos" "$OUTPUT_DIR/hydra" "$OUTPUT_DIR/keto" "$OUTPUT_DIR/oathkeeper"