Cut over OIDC redirect to speech.du5t.xyz
NPM proxy host + Let's Encrypt cert for speech.du5t.xyz are live, so flip the session cookie to https_only=True (the redirect_uri and Authentik provider config changes live outside this repo, in /srv/asr/env/asr.env and the Authentik provider record). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -21,7 +21,7 @@ app.add_middleware(
|
|||||||
SessionMiddleware,
|
SessionMiddleware,
|
||||||
secret_key=SESSION_SECRET_KEY,
|
secret_key=SESSION_SECRET_KEY,
|
||||||
same_site="lax",
|
same_site="lax",
|
||||||
https_only=False, # 아직 전용 도메인/TLS가 없어 내부 IP:포트(http)로 접근하기 때문
|
https_only=True, # speech.du5t.xyz는 NPM에서 TLS 종료 후 내부로 포워딩됨
|
||||||
max_age=14 * 24 * 3600,
|
max_age=14 * 24 * 3600,
|
||||||
)
|
)
|
||||||
app.add_middleware(
|
app.add_middleware(
|
||||||
|
|||||||
Reference in New Issue
Block a user