Fix XSS, CSRF, input validation, and related security issues

2026-04-14 16:00:50 -05:00
parent e0f04ea971
commit 270acc0430
7 changed files with 86 additions and 33 deletions
+10 -1
@@ -1,10 +1,19 @@
import os
import logging
SQLALCHEMY_DATABASE_URI = os.environ.get(
"DATABASE_URL",
"sqlite:///batteries.db",
)
SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret-change-in-prod")
_secret_key = os.environ.get("SECRET_KEY")
if not _secret_key:
logging.warning(
"SECRET_KEY not set — using insecure default. "
"Set SECRET_KEY env var before running in production."
)
SECRET_KEY = _secret_key or "dev-secret-change-in-prod"
SQLALCHEMY_TRACK_MODIFICATIONS = False
# Home Assistant integration (all optional — app works normally when absent)