Merge pull request from GHSA-g8xr-f424-h2rv

getredash · Nov 23, 2021 · c616c84 · c616c84
1 parent b191087
commit c616c84
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,6 +8,8 @@ x-redash-service: &redash-service
       skip_frontend_build: "true"
   volumes:
     - .:/app
+  env_file:
+    - .env
 x-redash-environment: &redash-environment
   REDASH_LOG_LEVEL: "INFO"
   REDASH_REDIS_URL: "redis://redis:6379/0"
@@ -16,6 +18,7 @@ x-redash-environment: &redash-environment
   REDASH_MAIL_DEFAULT_SENDER: "redash@example.com"
   REDASH_MAIL_SERVER: "email"
   REDASH_ENFORCE_CSRF: "true"
+  # Set secret keys in the .env file
 services:
   server:
     <<: *redash-service

diff --git a/redash/settings/__init__.py b/redash/settings/__init__.py
@@ -64,7 +64,11 @@
 )
 
 # The secret key to use in the Flask app for various cryptographic features
-SECRET_KEY = os.environ.get("REDASH_COOKIE_SECRET", "c292a0a3aa32397cdb050e233733900f")
+SECRET_KEY = os.environ.get("REDASH_COOKIE_SECRET")
+
+if SECRET_KEY is None:
+    raise Exception("You must set the REDASH_COOKIE_SECRET environment variable. Visit http://redash.io/help/open-source/admin-guide/secrets for more information.")
+
 # The secret key to use when encrypting data source options
 DATASOURCE_SECRET_KEY = os.environ.get("REDASH_SECRET_KEY", SECRET_KEY)
 

diff --git a/requirements.txt b/requirements.txt
@@ -39,6 +39,7 @@ jsonschema==3.1.1
 RestrictedPython==5.0
 pysaml2==6.1.0
 pycrypto==2.6.1
+python-dotenv==0.19.2
 funcy==1.13
 sentry-sdk>=0.14.3,<0.15.0
 semver==2.8.1