Eliminate security vulnerabilty and disable debug /console endpoint.

agentsofthesystem · Jan 3, 2024 · 31b2a83 · 31b2a83
1 parent b8b2432
commit 31b2a83
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/application/config/config.py b/application/config/config.py
@@ -19,8 +19,8 @@ class DefaultConfig:
         DEFAULT_INSTALL_PATH = f"/usr/local/share/{APP_NAME}"
 
     # Flask specific configs
-    DEBUG = True
-    ENV = "development"
+    DEBUG = False
+    ENV = "production"
     FLASK_RUN_HOST = "0.0.0.0"
     FLASK_RUN_PORT = "5000"
     FLASK_FORCE_AUTH = False  # Leave as False except in testing.

diff --git a/application/gui/launch.py b/application/gui/launch.py
@@ -51,7 +51,12 @@ def _create_backend(self) -> Flask:
     def _spawn_server_on_thread(self):
         self._server_thread = Thread(
             target=lambda: self._globals._FLASK_APP.run(
-                host="0.0.0.0", port=5000, debug=True, use_reloader=False, threaded=True
+                host="0.0.0.0",
+                port=5000,
+                debug=False,
+                use_reloader=False,
+                threaded=True,
+                use_evalex=False
             )
         )
         self._server_thread.daemon = True