Renamed the settings-option to ENABLE_HOME_ASSISTANT_SUPPORT

Paul Konstantin Gerke 2023-07-04 15:01:59 +02:00 committed by Christopher Charbonneau Wells
parent b88d0cf897
commit 6f05fb3835
2 changed files with 10 additions and 3 deletions


@ -361,4 +361,4 @@ BABY_BUDDY = {
# Home assistant specific configuration # Home assistant specific configuration
HOME_ASSISTANT_USE_X_INGRESS_PATH = False ENABLE_HOME_ASSISTANT_SUPPORT = False
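Review bot: The rename to `ENABLE_HOME_ASSISTANT_SUPPORT` drops `HOME_ASSISTANT_USE_X_INGRESS_PATH` with no fallback, so a deployment that still sets the old name will silently run with the feature off. The commit lists only two changed files, so check that no code still reads the old name, and consider honouring the old name for one release with a deprecation warning.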


@ -1,6 +1,6 @@
# Home Assistant # Home Assistant
## `HOME_ASSISTANT_USE_X_INGRESS_PATH` ## `ENABLE_HOME_ASSISTANT_SUPPORT`
*Default:* `False` *Default:* `False`
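Review bot: The new heading `ENABLE_HOME_ASSISTANT_SUPPORT` reads as a general feature switch, while the text under it describes specific security-relevant behaviour (trusting `X-Ingress-Path` and putting a cookie into the QR code). Open the section with a one-line list of exactly what the flag turns on, and mention the former name `HOME_ASSISTANT_USE_X_INGRESS_PATH` so that people upgrading can find it.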
@ -12,6 +12,13 @@ itself when run in home assistant. The ingress routing of home assistant
otherwise will obfuscate the true host-url and some functions, like the QR-code otherwise will obfuscate the true host-url and some functions, like the QR-code
generator for coupling devices might not work correctly. generator for coupling devices might not work correctly.
In addition, the QR-Code that allows connecting external applications
to baby buddy will expose home assistant's ingress-service cookie
`ingress_session`. This cookie is created for a user visiting baby buddy through
home assistant. It allows a connecting application to authenticate with
home assistant's ingress service, which is a required extra step in
for this setup.
**Do not enable this feature on other setups.** Attackers might be able to **Do not enable this feature on other setups.** Attackers might be able to
use this feature to redirect traffic in unexpected ways by manually adding use this feature to redirect traffic in unexpected ways by manually adding
`X-Ingress-Path` to the request URL. `X-Ingress-Path` to the request headers.
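Review bot: The added paragraph says the QR code exposes the `ingress_session` cookie but not what follows from that: since the cookie lets an application authenticate with home assistant's ingress service, anyone who sees or scans the code holds that credential. Say explicitly that the QR code must be treated like a password while the flag is on, and fix the stray word in "a required extra step in for this setup". The correction from "request URL" to "request headers" in the last line is right, since `X-Ingress-Path` is a header.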