mirrors/calibre-web
1
0
Fork 0
mirror of https://github.com/janeczku/calibre-web synced 2025-02-03 12:49:13 +00:00
Code Issues Releases Wiki Activity

Don't use an hardcoded session key

Browse Source 
This fixes a trivial authentication bypass,
according to https://flask.palletsprojects.com/en/1.1.x/quickstart/#sessions
This commit is contained in:
jvoisin 2020-04-29 13:58:16 +02:00
parent 0297823bda
commit 523aab2e9e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cps/__init__.py
View File

@ -89,7 +89,7 @@ def create_app():
log.info('Starting Calibre Web...') log.info('Starting Calibre Web...')
Principal(app) Principal(app)
lm.init_app(app) lm.init_app(app)
app.secret_key = os.getenv('SECRET_KEY', 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT') app.secret_key = os.getenv('SECRET_KEY', os.urandom(32))
web_server.init_app(app, config) web_server.init_app(app, config)
db.setup_db(config) db.setup_db(config)