mirror of https://github.com/snachodog/mybuddy.git
Renamed the settings-option to ENABLE_HOME_ASSISTANT_SUPPORT
This commit is contained in:
parent
b88d0cf897
commit
6f05fb3835
|
@ -361,4 +361,4 @@ BABY_BUDDY = {
|
|||
|
||||
# Home assistant specific configuration
|
||||
|
||||
HOME_ASSISTANT_USE_X_INGRESS_PATH = False
|
||||
ENABLE_HOME_ASSISTANT_SUPPORT = False
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Home Assistant
|
||||
|
||||
## `HOME_ASSISTANT_USE_X_INGRESS_PATH`
|
||||
## `ENABLE_HOME_ASSISTANT_SUPPORT`
|
||||
|
||||
*Default:* `False`
|
||||
|
||||
|
@ -12,6 +12,13 @@ itself when run in home assistant. The ingress routing of home assistant
|
|||
otherwise will obfuscate the true host-url and some functions, like the QR-code
|
||||
generator for coupling devices might not work correctly.
|
||||
|
||||
In addition, the QR-Code that allows connecting external applications
|
||||
to baby buddy will expose home assistant's ingress-service cookie
|
||||
`ingress_session`. This cookie is created for a user visiting baby buddy through
|
||||
home assistant. It allows a connecting application to authenticate with
|
||||
home assistant's ingress service, which is a required extra step in
|
||||
for this setup.
|
||||
|
||||
**Do not enable this feature on other setups.** Attackers might be able to
|
||||
use this feature to redirect traffic in unexpected ways by manually adding
|
||||
`X-Ingress-Path` to the request URL.
|
||||
`X-Ingress-Path` to the request headers.
|
||||
|
|
Loading…
Reference in New Issue