Pommsn commited on
Commit
8faf0f7
·
verified ·
1 Parent(s): 07efd03

Update start.sh

  1. start.sh +35 -27
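--- a/start.sh
+++ b/start.sh
@@ -19,33 +19,41 @@ nginx
  # 3. Start API (port 5001)
  echo "🧠 Starting API..."
 
- # NUCLEAR PATCH: Use SED to modify source files directly
- echo "🔧 Applying SED patches to Dify source..."
-
- # Find and patch all Python files that set httponly
- find /app/api -name "*.py" -type f -exec grep -l -i "httponly" {} \; 2>/dev/null | while read file; do
- echo " Patching: $file"
- sed -i 's/httponly=True/httponly=False/gi' "$file" 2>/dev/null || true
- sed -i 's/httponly = True/httponly = False/gi' "$file" 2>/dev/null || true
- sed -i "s/httponly':True/httponly':False/gi" "$file" 2>/dev/null || true
- sed -i "s/httponly': True/httponly': False/gi" "$file" 2>/dev/null || true
- sed -i 's/"httponly": True/"httponly": False/gi' "$file" 2>/dev/null || true
- sed -i "s/'httponly': True/'httponly': False/gi" "$file" 2>/dev/null || true
- done
-
- # Also patch cookie settings in configs
- find /app/api -name "*.py" -type f -exec grep -l -i "CSRF_COOKIE_HTTPONLY\|SESSION_COOKIE" {} \; 2>/dev/null | while read file; do
- echo " Config Patching: $file"
- # Set CSRF_COOKIE_HTTPONLY to False
- sed -i 's/CSRF_COOKIE_HTTPONLY.*=.*True/CSRF_COOKIE_HTTPONLY = False/gi' "$file" 2>/dev/null || true
- # Set SESSION_COOKIE_SAMESITE to None
- sed -i "s/SESSION_COOKIE_SAMESITE.*=.*/SESSION_COOKIE_SAMESITE = 'None'/gi" "$file" 2>/dev/null || true
- done
-
- echo "🔧 SED patches complete!"
-
- # Run Gunicorn
- gunicorn --bind 127.0.0.1:5001 --workers 1 --timeout 360 --forwarded-allow-ips='*' app:app &
+ # SAFE MIDDLEWARE PATCH: Create a wrapper that modifies cookies in responses
+ cat << 'MIDDLEWARE_EOF' > /app/api/cookie_patch_middleware.py
+ """WSGI Middleware to fix cookie HttpOnly for CSRF tokens on HF Spaces"""
+ from app import app as flask_app
+
+ class CookiePatchMiddleware:
+ def __init__(self, app):
+ self.app = app
+
+ def __call__(self, environ, start_response):
+ def custom_start_response(status, headers, exc_info=None):
+ new_headers = []
+ for name, value in headers:
+ if name.lower() == 'set-cookie' and 'csrf' in value.lower():
+ # Remove HttpOnly from CSRF cookies
+ value = value.replace('; HttpOnly', '').replace(';HttpOnly', '')
+ # Ensure SameSite=None and Secure
+ if 'SameSite' not in value:
+ value += '; SameSite=None'
+ if 'Secure' not in value:
+ value += '; Secure'
+ print(f"🔧 MIDDLEWARE PATCHED CSRF COOKIE: {value[:50]}...")
+ new_headers.append((name, value))
+ return start_response(status, new_headers, exc_info)
+ return self.app(environ, custom_start_response)
+
+ # Wrap the Flask app with our middleware
+ app = CookiePatchMiddleware(flask_app)
+ print("✅ COOKIE PATCH MIDDLEWARE LOADED!")
+ MIDDLEWARE_EOF
+
+ echo "🔧 Cookie patch middleware created!"
+
+ # Run Gunicorn with the middleware wrapper
+ gunicorn --bind 127.0.0.1:5001 --workers 1 --timeout 360 --forwarded-allow-ips='*' cookie_patch_middleware:app &
  API_PID=$!
 
  # 4. Start Web (port 3000) with correct API URLs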
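Review bot: The test `'csrf' in value.lower()` in `custom_start_response` runs against the whole Set-Cookie header value, so any cookie whose value or attributes happen to contain "csrf" (a session cookie included) would also lose HttpOnly. The match should be on the cookie name only, e.g. `cookie_name = value.split('=', 1)[0].strip().lower()` followed by `if name.lower() == 'set-cookie' and 'csrf' in cookie_name:`. The `print` of `value[:50]` writes the start of the patched cookie to the process output, which presumably includes the CSRF token itself; logging only the cookie name avoids that. The `'SameSite' not in value` and `'Secure' not in value` checks are case-sensitive substring tests, so an existing `SameSite=Lax` is left unchanged despite the "Ensure SameSite=None" comment, and a cookie name or token that happens to contain "Secure" would suppress the Secure attribute.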