Fix: Always require a set, non-empty, not whitespace secret key, even in DEBUG (#12680)

2026-05-26 07:00:36 +00:00 · 2026-05-04 06:11:56 -07:00
parent 5010f37174
commit 4a915f8e3a
1 changed files with 1 additions and 2 deletions
@@ -464,8 +464,7 @@ SECURE_PROXY_SSL_HEADER = (
 )

 SECRET_KEY = os.getenv("PAPERLESS_SECRET_KEY")
-_INSECURE_SECRET_KEYS = {None, "", "change-me"}
-if not DEBUG and SECRET_KEY in _INSECURE_SECRET_KEYS:  # pragma: no cover
+if not (SECRET_KEY or "").strip() or SECRET_KEY == "change-me":  # pragma: no cover
    raise ImproperlyConfigured(
        "PAPERLESS_SECRET_KEY is not set or is the default 'change-me' value. "
        "A unique, secret key is required for secure operation. "