Cut over OIDC redirect to speech.du5t.xyz

NPM proxy host + Let's Encrypt cert for speech.du5t.xyz are live, so
flip the session cookie to https_only=True (the redirect_uri and
Authentik provider config changes live outside this repo, in
/srv/asr/env/asr.env and the Authentik provider record).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
du5t
2026-06-18 17:53:05 +09:00
parent 665ff8a659
commit ac49bfc7f9

View File

@@ -21,7 +21,7 @@ app.add_middleware(
SessionMiddleware,
secret_key=SESSION_SECRET_KEY,
same_site="lax",
https_only=False, # 아직 전용 도메인/TLS가 없어 내부 IP:포트(http)로 접근하기 때문
https_only=True, # speech.du5t.xyz는 NPM에서 TLS 종료 후 내부로 포워딩됨
max_age=14 * 24 * 3600,
)
app.add_middleware(