Warn when localhost auth bypass is enabled

2026-06-01 16:08:01 +02:00
parent 74dedcad37
commit 370fe6b501
1 changed files with 2 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -134,6 +134,8 @@ auth_manager = AuthManager()
 app.state.auth_manager = auth_manager
 AUTH_ENABLED = os.getenv("AUTH_ENABLED", "true").lower() != "false"
 LOCALHOST_BYPASS = os.getenv("LOCALHOST_BYPASS", "false").lower() == "true"
+if LOCALHOST_BYPASS:
+    logger.warning("LOCALHOST_BYPASS is enabled, loopback requests bypass authentication. Do not expose this instance to a network.")

 if AUTH_ENABLED:
    AUTH_EXEMPT_EXACT = {