From cedf2a65e2d005aa3242b19edd743c44cefe67b4 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Thu, 19 Feb 2026 15:10:37 +0100
Subject: [PATCH] fix: add session_https_only to dev config and update README
---
 .dockerignore | 1 +
 Dockerfile | 3 ++-
 README.md | 1 +
 docker-compose.yml | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.dockerignore b/.dockerignore
index e15d70e..220e200 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,5 @@
 .venv/
+.worktrees/
 .git/
 .gitignore
 .ruff_cache/
diff --git a/Dockerfile b/Dockerfile
index 92d4dcc..1847755 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,8 @@ RUN uv sync --frozen --no-install-project
 # Source is bind-mounted at runtime via docker-compose
 ENV OIDC_OP_ISSUER=http://localhost:8000 \
- OIDC_OP_DEBUG=true
+ OIDC_OP_DEBUG=true \
+ OIDC_OP_SESSION_HTTPS_ONLY=false
 EXPOSE 8000
diff --git a/README.md b/README.md
index 78f18cf..980e1b7 100644
--- a/README.md
+++ b/README.md
@@ -95,6 +95,7 @@ variables always take priority over file values.
 | `OIDC_OP_SIGNING_KEY_PATH` | `data/keys` | OIDC signing key storage |
 | `OIDC_OP_INVITE_TTL` | `86400` | Magic link expiry in seconds |
 | `OIDC_OP_MANAGE_CLIENT_ID` | `manage-app` | Client ID for the management UI |
+| `OIDC_OP_SESSION_HTTPS_ONLY` | `true` | Restrict session cookie to HTTPS (set `false` for local dev) |
 | `OIDC_OP_CONFIG_FILE` | `porchlight.toml` | Path to TOML config file |
 Database migrations run automatically on startup.
diff --git a/docker-compose.yml b/docker-compose.yml
index d66ba1b..2fc4244 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,6 +22,7 @@ services:
 environment:
 OIDC_OP_ISSUER: "http://localhost:8000"
 OIDC_OP_DEBUG: "true"
+ OIDC_OP_SESSION_HTTPS_ONLY: "false"
 volumes:
 - ./src:/app/src
 - ./pyproject.toml:/app/pyproject.toml
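Review bot: The `OIDC_OP_SESSION_HTTPS_ONLY=false` added to the Dockerfile's `ENV` becomes the image-level default, so any container started from this image without an explicit override issues its session cookie without the HTTPS-only restriction, even though the README row added in this commit documents the application default as `true`. The docker-compose.yml hunk already sets the same value under `environment:`, so the compose-based dev setup does not appear to need it baked into the image; I would drop the Dockerfile line and leave `OIDC_OP_DEBUG=true` as the last `ENV` entry, keeping the relaxation in compose only. If the image-level default is kept, add a comment above the `ENV` such as `# Dev-only image: debug on, session cookie not restricted to HTTPS. Do not deploy.` The existing bind-mount comment suggests this image is meant for local development, but whether a separate production image exists is not visible in this patch.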