From 51e19c6199ef57fc35cd11281287d39d6c61c8ba Mon Sep 17 00:00:00 2001
From: Debanjum
Date: Sun, 13 Apr 2025 06:47:42 +0530
Subject: [PATCH] Simplify KHOJ_DOMAIN states. All production deployments should set it. Do not need KHOJ_DOMAIN to be tri-state. KHOJ_DOMAIN set to empty does not change behavior anymore. Related 5a3c7b1
---
src/khoj/app/settings.py | 18 ++++++------------
1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/src/khoj/app/settings.py b/src/khoj/app/settings.py
index dd66a8b0..f0f20282 100644
--- a/src/khoj/app/settings.py
+++ b/src/khoj/app/settings.py
@@ -22,34 +22,29 @@ from khoj.utils.helpers import is_env_var_true # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent - -# Quick-start development settings - unsuitable for production -# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ - # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = os.getenv("KHOJ_DJANGO_SECRET_KEY", "!secret") -# All Subdomains of KHOJ_DOMAIN are trusted +# Set KHOJ_DOMAIN to custom domain for production deployments. KHOJ_DOMAIN = os.getenv("KHOJ_DOMAIN") or "khoj.dev" + +# Set KHOJ_ALLOWED_DOMAIN to the i.p or domain of the Khoj service on the internal network. +# Useful to set when running the service behind a reverse proxy. KHOJ_ALLOWED_DOMAIN = os.getenv("KHOJ_ALLOWED_DOMAIN", KHOJ_DOMAIN) ALLOWED_HOSTS = [f".{KHOJ_ALLOWED_DOMAIN}", "localhost", "127.0.0.1", "[::1]", f"{KHOJ_ALLOWED_DOMAIN}"] +# All Subdomains of KHOJ_DOMAIN are trusted for CSRF CSRF_TRUSTED_ORIGINS = [ f"https://*.{KHOJ_DOMAIN}", f"https://{KHOJ_DOMAIN}", f"http://*.{KHOJ_DOMAIN}", f"http://{KHOJ_DOMAIN}", - f"https://app.{KHOJ_DOMAIN}", ] DISABLE_HTTPS = is_env_var_true("KHOJ_NO_HTTPS") -# KHOJ_DOMAIN is tri-state. -# - Unset it for local deployments. -# - Set it to empty for official production deployment. -# - Set it to custom domain for other production deployments. # WARNING: Change this check only if you know what you are doing. -if os.getenv("KHOJ_DOMAIN") == None: +if not os.getenv("KHOJ_DOMAIN"): SESSION_COOKIE_DOMAIN = "localhost" CSRF_COOKIE_DOMAIN = "localhost" else: @@ -59,7 +54,6 @@ else: if not DISABLE_HTTPS: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") -COOKIE_SAMESITE = "None" if DISABLE_HTTPS: SESSION_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False
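Review bot: When `KHOJ_DOMAIN` is unset or empty, the new `if not os.getenv("KHOJ_DOMAIN"):` check scopes cookies to localhost, but the `or "khoj.dev"` fallback on the `KHOJ_DOMAIN =` line still feeds `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS`, so a local or misconfigured instance accepts `.khoj.dev` as a host and trusts khoj.dev origins it has no relation to. Since the commit message says every production deployment sets the variable, consider reading it once, `_env_domain = os.getenv("KHOJ_DOMAIN")`, branching on `if not _env_domain:` and using a local default such as `KHOJ_DOMAIN = _env_domain or "localhost"`, provided nothing outside this hunk relies on the khoj.dev default. The `http://` entries in `CSRF_TRUSTED_ORIGINS` are added regardless of `DISABLE_HTTPS`, which relaxes the origin check on HTTPS deployments; either gate them on that flag or extend the new comment to say why plain-HTTP origins are trusted. The hunk also drops the "unsuitable for production" note while `SECRET_KEY` keeps its `"!secret"` default, so a deployment missing `KHOJ_DJANGO_SECRET_KEY` would start with a publicly known signing key; a comment there, or a startup error when a domain is configured without a key, would make that visible. The else branch of the cookie-domain check lies between the two hunks and is not shown.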