Don't warn on cookieSecret if authentication not used (i.e. no AuthStrategy set) #40
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Bug report
Describe the bug
I've set up keystone to run the admin UI app behind a proxy (under a separate service with login), so I don't want keystone managing authentication itself. I'm running a server side application, so the API isn't publicly accessible and I don't use authentication for the API either. Keystone warns me when running in production mode about having not set cookieSecret (and about using MemoryStore), but I don't think it should be setting any cookies (or using a session store).
To Reproduce
Expected behaviour
Keystone can be started in production mode with no authStrategy and no cookieSecret.
System information
Additional context
If I could disable session handling entirely, I think that would disable both error messages and also be a good solution? I couldn't find out how to do that.
The text was updated successfully, but these errors were encountered: