From ac49bfc7f96673b9a80b32fd1f5ea93999d85ac8 Mon Sep 17 00:00:00 2001 From: du5t Date: Thu, 18 Jun 2026 17:53:05 +0900 Subject: [PATCH] Cut over OIDC redirect to speech.du5t.xyz NPM proxy host + Let's Encrypt cert for speech.du5t.xyz are live, so flip the session cookie to https_only=True (the redirect_uri and Authentik provider config changes live outside this repo, in /srv/asr/env/asr.env and the Authentik provider record). Co-Authored-By: Claude Sonnet 4.6 --- app/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/main.py b/app/main.py index 0a02dd1..820f888 100644 --- a/app/main.py +++ b/app/main.py @@ -21,7 +21,7 @@ app.add_middleware( SessionMiddleware, secret_key=SESSION_SECRET_KEY, same_site="lax", - https_only=False, # 아직 전용 도메인/TLS가 없어 내부 IP:포트(http)로 접근하기 때문 + https_only=True, # speech.du5t.xyz는 NPM에서 TLS 종료 후 내부로 포워딩됨 max_age=14 * 24 * 3600, ) app.add_middleware(