keystone-5 icon indicating copy to clipboard operation
keystone-5 copied to clipboard

Published 20 hours ago verified publisher icon keystonejs

Don't warn on cookieSecret if authentication not used (i.e. no AuthStrategy set)

Open midgleyc opened this issue 4 years ago • 0 comments

Bug report

Describe the bug

I've set up keystone to run the admin UI app behind a proxy (under a separate service with login), so I don't want keystone managing authentication itself. I'm running a server side application, so the API isn't publicly accessible and I don't use authentication for the API either. Keystone warns me when running in production mode about having not set cookieSecret (and about using MemoryStore), but I don't think it should be setting any cookies (or using a session store).

To Reproduce

  1. Set up Keystone with no authStrategy in your AdminUIApp, and no cookieSecret in the keystone object
  2. Try to start in production mode
  3. See the failure message

Expected behaviour

Keystone can be started in production mode with no authStrategy and no cookieSecret.

System information

  • OS: Ubuntu

Additional context

If I could disable session handling entirely, I think that would disable both error messages and also be a good solution? I couldn't find out how to do that.

midgleyc avatar Feb 24 '21 09:02 midgleyc