From 6f05fb3835ccebc3e2e3e1eb5e351e3b68e84f92 Mon Sep 17 00:00:00 2001
From: Paul Konstantin Gerke
Date: Tue, 4 Jul 2023 15:01:59 +0200
Subject: [PATCH] Renamed the settings-option to ENABLE_HOME_ASSISTANT_SUPPORT
---
 babybuddy/settings/base.py | 2 +-
 docs/configuration/homeassistant.md | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/babybuddy/settings/base.py b/babybuddy/settings/base.py
index 8c9aceea..5456ca85 100644
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@@ -361,4 +361,4 @@ BABY_BUDDY = { # Home assistant specific configuration
-HOME_ASSISTANT_USE_X_INGRESS_PATH = False
+ENABLE_HOME_ASSISTANT_SUPPORT = False
diff --git a/docs/configuration/homeassistant.md b/docs/configuration/homeassistant.md
index 7a9062ff..45225f40 100644
--- a/docs/configuration/homeassistant.md
+++ b/docs/configuration/homeassistant.md
@@ -1,6 +1,6 @@
 # Home Assistant
-## `HOME_ASSISTANT_USE_X_INGRESS_PATH`
+## `ENABLE_HOME_ASSISTANT_SUPPORT`
 *Default:* `False`
@@ -12,6 +12,13 @@ itself when run in home assistant. The ingress routing of home assistant otherwise will obfuscate the true host-url and some functions, like the QR-code generator for coupling devices might not work correctly.
+In addition, the QR-Code that allows connecting external applications
+to baby buddy will expose home assistant's ingress-service cookie
+`ingress_session`. This cookie is created for a user visiting baby buddy through
+home assistant. It allows a connecting application to authenticate with
+home assistant's ingress service, which is a required extra step in
+for this setup.
+
 **Do not enable this feature on other setups.** Attackers might be able to use this feature to redirect traffic in unexpected ways by manually adding
-`X-Ingress-Path` to the request URL.
+`X-Ingress-Path` to the request headers.
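Review bot: In babybuddy/settings/base.py the new name `ENABLE_HOME_ASSISTANT_SUPPORT` no longer says which client-supplied input gets trusted, and the only in-code comment is still `# Home assistant specific configuration`. The documentation changed in this same patch says the option makes the app honour the `X-Ingress-Path` request header and puts the `ingress_session` cookie into the device-coupling QR code, so anyone reading only the settings file cannot see that turning it on outside Home Assistant ingress is unsafe. I would put that next to the flag, for example `# Trusts the X-Ingress-Path request header and embeds the ingress_session cookie in the coupling QR code.` followed by `# Enable only when served through Home Assistant ingress.` The code that reads the flag is not part of this patch, so the exact scope of the cookie exposure should be confirmed against it before the comment is merged.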