Renamed the settings-option to ENABLE_HOME_ASSISTANT_SUPPORT

2023-07-04 15:01:59 +02:00 · 2023-07-04 15:01:59 +02:00 · 6f05fb3835
parent b88d0cf897
commit 6f05fb3835
2 changed files with 10 additions and 3 deletions
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@ -361,4 +361,4 @@ BABY_BUDDY = {

 # Home assistant specific configuration

-HOME_ASSISTANT_USE_X_INGRESS_PATH = False
+ENABLE_HOME_ASSISTANT_SUPPORT = False
--- a/docs/configuration/homeassistant.md
+++ b/docs/configuration/homeassistant.md
@ -1,6 +1,6 @@
 # Home Assistant

-## `HOME_ASSISTANT_USE_X_INGRESS_PATH`
+## `ENABLE_HOME_ASSISTANT_SUPPORT`

 *Default:* `False`

@ -12,6 +12,13 @@ itself when run in home assistant. The ingress routing of home assistant
 otherwise will obfuscate the true host-url and some functions, like the QR-code
 generator for coupling devices might not work correctly.

+In addition, the QR-Code that allows connecting external applications
+to baby buddy will expose home assistant's ingress-service cookie
+`ingress_session`. This cookie is created for a user visiting baby buddy through
+home assistant. It allows a connecting application to authenticate with
+home assistant's ingress service, which is a required extra step in
+for this setup.
+
 **Do not enable this feature on other setups.** Attackers might be able to
 use this feature to redirect traffic in unexpected ways by manually adding
-`X-Ingress-Path` to the request URL.
+`X-Ingress-Path` to the request headers.