mirror of https://github.com/snachodog/mybuddy.git
Renamed the settings-option to ENABLE_HOME_ASSISTANT_SUPPORT
This commit is contained in:
parent
b88d0cf897
commit
6f05fb3835
|
@ -361,4 +361,4 @@ BABY_BUDDY = {
|
||||||
|
|
||||||
# Home assistant specific configuration
|
# Home assistant specific configuration
|
||||||
|
|
||||||
HOME_ASSISTANT_USE_X_INGRESS_PATH = False
|
ENABLE_HOME_ASSISTANT_SUPPORT = False
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Home Assistant
|
# Home Assistant
|
||||||
|
|
||||||
## `HOME_ASSISTANT_USE_X_INGRESS_PATH`
|
## `ENABLE_HOME_ASSISTANT_SUPPORT`
|
||||||
|
|
||||||
*Default:* `False`
|
*Default:* `False`
|
||||||
|
|
||||||
|
@ -12,6 +12,13 @@ itself when run in home assistant. The ingress routing of home assistant
|
||||||
otherwise will obfuscate the true host-url and some functions, like the QR-code
|
otherwise will obfuscate the true host-url and some functions, like the QR-code
|
||||||
generator for coupling devices might not work correctly.
|
generator for coupling devices might not work correctly.
|
||||||
|
|
||||||
|
In addition, the QR-Code that allows connecting external applications
|
||||||
|
to baby buddy will expose home assistant's ingress-service cookie
|
||||||
|
`ingress_session`. This cookie is created for a user visiting baby buddy through
|
||||||
|
home assistant. It allows a connecting application to authenticate with
|
||||||
|
home assistant's ingress service, which is a required extra step in
|
||||||
|
for this setup.
|
||||||
|
|
||||||
**Do not enable this feature on other setups.** Attackers might be able to
|
**Do not enable this feature on other setups.** Attackers might be able to
|
||||||
use this feature to redirect traffic in unexpected ways by manually adding
|
use this feature to redirect traffic in unexpected ways by manually adding
|
||||||
`X-Ingress-Path` to the request URL.
|
`X-Ingress-Path` to the request headers.
|
||||||
|
|
Loading…
Reference in New Issue