“shubhamdhamal”
commited on
d5e8f8f
Parent(s):
e7f3d6b
Fix CSRF token and session config for HF Spaces
config.py
|
@@ -2,18 +2,26 @@ import os
|
|
| 2 |
from dotenv import load_dotenv
|
| 3 |
|
| 4 |
basedir = os.path.abspath(os.path.dirname(__file__))
|
| 5 |
-
# Load .env file only if not on Render
|
| 6 |
-
if not os.environ.get('RENDER'):
|
| 7 |
load_dotenv(os.path.join(basedir, '.env'))
|
| 8 |
|
| 9 |
# Set Flask app for CLI commands (needed for flask db upgrade)
|
| 10 |
os.environ.setdefault('FLASK_APP', 'run.py')
|
| 11 |
|
|
|
|
|
|
|
|
|
|
| 12 |
class Config:
|
| 13 |
-
SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or 'dev-secret-key-change-in-production-2024'
|
| 14 |
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
| 15 |
-
'sqlite:///' + os.path.join(basedir, 'app.db')
|
| 16 |
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 17 |
|
| 18 |
# Session configuration
|
| 19 |
SESSION_COOKIE_HTTPONLY = True
|
|
@@ -24,11 +32,11 @@ class Config:
|
|
| 24 |
SESSION_COOKIE_NAME = 'learning_path_session' # Custom session cookie name
|
| 25 |
|
| 26 |
# Ensure cookies work with OAuth redirects in production
|
| 27 |
-
if
|
| 28 |
SESSION_COOKIE_SECURE = True # Cookie only over HTTPS
|
| 29 |
-
SESSION_COOKIE_SAMESITE = '
|
| 30 |
REMEMBER_COOKIE_SECURE = True
|
| 31 |
-
REMEMBER_COOKIE_SAMESITE = '
|
| 32 |
else:
|
| 33 |
# Local development - allow HTTP cookies
|
| 34 |
SESSION_COOKIE_SECURE = False
|
|
|
|
| 2 |
from dotenv import load_dotenv
|
| 3 |
|
| 4 |
basedir = os.path.abspath(os.path.dirname(__file__))
|
| 5 |
+
# Load .env file only if not on Render or Hugging Face
|
| 6 |
+
if not os.environ.get('RENDER') and not os.environ.get('SPACE_ID'):
|
| 7 |
load_dotenv(os.path.join(basedir, '.env'))
|
| 8 |
|
| 9 |
# Set Flask app for CLI commands (needed for flask db upgrade)
|
| 10 |
os.environ.setdefault('FLASK_APP', 'run.py')
|
| 11 |
|
| 12 |
+
# Check if running in production (Render or HF Spaces)
|
| 13 |
+
IS_PRODUCTION = os.environ.get('RENDER') or os.environ.get('SPACE_ID')
|
| 14 |
+
|
| 15 |
class Config:
|
| 16 |
+
SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or os.environ.get('SECRET_KEY') or 'dev-secret-key-change-in-production-2024'
|
| 17 |
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
| 18 |
+
'sqlite:///' + os.path.join(basedir, 'instance', 'app.db')
|
| 19 |
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
| 20 |
+
|
| 21 |
+
# WTF CSRF Settings
|
| 22 |
+
WTF_CSRF_ENABLED = True
|
| 23 |
+
WTF_CSRF_TIME_LIMIT = 3600 # 1 hour token validity
|
| 24 |
+
WTF_CSRF_SSL_STRICT = False # Allow CSRF over HTTP for development
|
| 25 |
|
| 26 |
# Session configuration
|
| 27 |
SESSION_COOKIE_HTTPONLY = True
|
|
|
|
| 32 |
SESSION_COOKIE_NAME = 'learning_path_session' # Custom session cookie name
|
| 33 |
|
| 34 |
# Ensure cookies work with OAuth redirects in production
|
| 35 |
+
if IS_PRODUCTION:
|
| 36 |
SESSION_COOKIE_SECURE = True # Cookie only over HTTPS
|
| 37 |
+
SESSION_COOKIE_SAMESITE = 'Lax' # Lax works better for same-site forms
|
| 38 |
REMEMBER_COOKIE_SECURE = True
|
| 39 |
+
REMEMBER_COOKIE_SAMESITE = 'Lax'
|
| 40 |
else:
|
| 41 |
# Local development - allow HTTP cookies
|
| 42 |
SESSION_COOKIE_SECURE = False
|
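Review bot: The new `SECRET_KEY` line (new line 16) still falls back to the literal `'dev-secret-key-change-in-production-2024'` when neither `FLASK_SECRET_KEY` nor `SECRET_KEY` is set, and nothing in the hunk makes that a startup error when `IS_PRODUCTION` is truthy, so a missing Space secret yields a deployment whose session cookies are signed with a publicly known key. Since `IS_PRODUCTION` is now a module-level name, the class body can refuse to start instead of silently using the default. The same hunk sets `WTF_CSRF_SSL_STRICT = False` unconditionally with the comment "for development", yet it applies to the production branch too; if the referer check genuinely has to stay off behind the Spaces proxy, the comment should say that rather than "development", otherwise tie it to the same flag as the cookie settings (`WTF_CSRF_SSL_STRICT = not IS_PRODUCTION`). `class Config` continues past the end of the second hunk.
```python
class Config:
    SECRET_KEY = os.environ.get('FLASK_SECRET_KEY') or os.environ.get('SECRET_KEY')
    if IS_PRODUCTION and not SECRET_KEY:
        # Refuse to run with a known key where cookies are meant to be trusted
        raise RuntimeError('FLASK_SECRET_KEY or SECRET_KEY must be set in production')
    SECRET_KEY = SECRET_KEY or 'dev-secret-key-change-in-production-2024'
    # … unchanged: SQLALCHEMY_* settings …
    WTF_CSRF_ENABLED = True
    WTF_CSRF_TIME_LIMIT = 3600  # 1 hour token validity
    WTF_CSRF_SSL_STRICT = not IS_PRODUCTION  # Referer check only relaxed for local HTTP development
    # … unchanged: session and cookie settings …
```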