Merge pull request #624 from explorigin/session-security

Improve Session Security
2025-12-16 11:57:51 +01:00 · 2024-02-03 17:41:31 -08:00
parent 1f02940bbd b8cc21a9f6
commit 323ec3787e
8 changed files with 34 additions and 23 deletions
--- a/backend/config.py
+++ b/backend/config.py
@@ -98,12 +98,15 @@ WEBUI_VERSION = os.environ.get("WEBUI_VERSION", "v1.0.0-alpha.61")
 WEBUI_AUTH = True

 ####################################
-# WEBUI_JWT_SECRET_KEY
+# WEBUI_SECRET_KEY
 ####################################

-WEBUI_JWT_SECRET_KEY = os.environ.get("WEBUI_JWT_SECRET_KEY", "t0p-s3cr3t")
+WEBUI_SECRET_KEY = os.environ.get(
+    "WEBUI_SECRET_KEY",
+    os.environ.get("WEBUI_JWT_SECRET_KEY", "t0p-s3cr3t")  # DEPRECATED: remove at next major version
+)

-if WEBUI_AUTH and WEBUI_JWT_SECRET_KEY == "":
+if WEBUI_AUTH and WEBUI_SECRET_KEY == "":
    raise ValueError(ERROR_MESSAGES.ENV_VAR_NOT_FOUND)

 ####################################