From 67549d9e0eb012f10bec21162764efb637848fc8 Mon Sep 17 00:00:00 2001 From: Zac Pullar-Strecker Date: Fri, 20 Dec 2024 14:59:51 +1300 Subject: [PATCH] Minor cleanup before upstream --- .env | 2 +- README.md | 11 +++++------ src/hooks.server.ts | 3 ++- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.env b/.env index ef7b6d028a3..f82c16635b1 100644 --- a/.env +++ b/.env @@ -180,7 +180,7 @@ ADMIN_API_SECRET=# secret to admin API calls, like computing usage stats or expo # These values cannot be updated at runtime # They need to be passed when building the docker image # See https://github.com/huggingface/chat-ui/main/.github/workflows/deploy-prod.yml#L44-L47 -APP_BASE="" # base path of the app, e.g. /chat, left blank as default +APP_BASE="/" # base path of the app, e.g. /chat PUBLIC_APP_COLOR=blue # can be any of tailwind colors: https://tailwindcss.com/docs/customizing-colors#default-color-palette ### Body size limit for SvelteKit https://svelte.dev/docs/kit/adapter-node#Environment-variables-BODY_SIZE_LIMIT BODY_SIZE_LIMIT=15728640 diff --git a/README.md b/README.md index 3b07d201d29..534de849df1 100644 --- a/README.md +++ b/README.md @@ -213,6 +213,7 @@ OPENID_CONFIG=`{ SCOPES: "openid profile", TOLERANCE: // optional RESOURCE: // optional + PROVIDER: // required only for group-based permissions }` ``` @@ -343,7 +344,8 @@ If [logging in with OpenID](#openid-connect) via a supported provider, then user For all providers, see the following. Then, see additional instructions for your provider below. -1. Add `PROVIDER: ""` to your `.env.local` (you will enter the actual provider name later). Also, add `groups` to the `OPENID_CONFIG.SCOPES` field in your `.env.local` file: +1. Add `PROVIDER: ""` to your `.env.local`. Also, add `groups` to the `OPENID_CONFIG.SCOPES` field in your `.env.local` file: + ```env OPENID_CONFIG=`{ // rest of OPENID_CONFIG here 
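Review bot: In the `.env` hunk, the new default `APP_BASE="/"` ends in a slash, and `src/hooks.server.ts` (last hunk of this patch) compares `event.url.pathname` against `${base}/login/callback`; if `base` is derived from `APP_BASE`, that string becomes `//login/callback`, the callback exemption never matches, and the provider's POST falls through to the origin check. SvelteKit also documents `paths.base` as either empty or a root-relative path that does not end in `/`, so the build may reject this value if it is passed through unchanged. The README note explaining that the value must be non-empty because of the provider cookies is deleted in the same patch, so the reason should move here, e.g. `APP_BASE="/" # base path of the app, e.g. /chat; must not be empty when an OpenID provider is used (provider login cookies depend on it)`. Worth confirming how `base` is computed before this default goes upstream.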
@@ -358,8 +360,6 @@ OPENID_CONFIG=`{ > [!WARNING] > The first model in your `.env.local` file is considered the "default" model and should be available to all users, so we strongly recommend against setting `allowed_groups` for this model. -> Note that during development, it is common to have `APP_BASE=""` in your `.env.local` - however, due to the cookies created by using a provider, this value should not be empty (e.g. setting `APP_BASE="/"` in `.env.local` would work). - #### Provider: Microsoft Entra In order to enable use of [Microsoft Entra Security Groups](https://learn.microsoft.com/en-us/entra/fundamentals/concept-learn-about-groups) to show/hide models, do the following: @@ -376,9 +376,8 @@ In order to enable use of [Microsoft Entra Security Groups](https://learn.micros ``` 3. Finally, configure your app in Microsoft Entra so that the app can access user groups via the MS Graph API: - - [Add groups claim](https://learn.microsoft.com/en-gb/entra/identity-platform/optional-claims?tabs=appui#configure-groups-optional-claims) to your app - - [Enable ID Tokens](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#enable-id-tokens) for your app - + - [Add groups claim](https://learn.microsoft.com/en-gb/entra/identity-platform/optional-claims?tabs=appui#configure-groups-optional-claims) to your app + - [Enable ID Tokens](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#enable-id-tokens) for your app #### Running your own models using a custom endpoint diff --git a/src/hooks.server.ts b/src/hooks.server.ts index 61ce921c22c..5451708e748 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts 
@@ -231,7 +231,8 @@ export const handle: Handle = async ({ event, resolve }) => { ...(envPublic.PUBLIC_ORIGIN ? [new URL(envPublic.PUBLIC_ORIGIN).host] : []), ]; - // origin is null for some reason when the POST request callback comes from an auth provider like MS entra so we skip this check (CSRF token is still validated) + // origin is null when the POST request callback comes from an auth provider like MS entra + // so we skip this check (CSRF token is still validated) if ( event.url.pathname !== `${base}/login/callback` && !validOrigins.includes(new URL(origin).host)
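Review bot: The rewritten comment states as fact that the CSRF token is still validated for `${base}/login/callback`, but that validation is not visible in this hunk, and this branch is what exempts the route from the Origin allow-list. Since the exemption is an exact string match on the pathname, the comment should say where the compensating check lives so the two are not changed independently, e.g. `// Origin check is skipped only for the login callback (cross-site POST from the identity provider); the CSRF token is validated in <callback handler>`. The `if (` statement and the enclosing `handle` function continue outside the hunk, so how a null `origin` reaches `new URL(origin)` on other routes cannot be judged from here.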