Fix access to Khoj admin panel from non HTTPS custom domains

To access the Khoj admin panel from a non HTTPS custom domain the `KHOJ_NO_SSL' and `KHOJ_DOMAIN' env vars need to be explictly set. See the updated setup docs for details. Resolves #662
2026-03-06 05:39:12 +00:00 · 2024-04-17 02:57:30 +05:30
parent 46210695b6
commit e9f608174b
3 changed files with 11 additions and 8 deletions
--- a/src/khoj/app/settings.py
+++ b/src/khoj/app/settings.py
@@ -13,7 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
 import os
 from pathlib import Path

-from khoj.utils.helpers import in_debug_mode
+from khoj.utils.helpers import in_debug_mode, is_env_var_true

 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -50,8 +50,8 @@ else:
    CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

-SESSION_COOKIE_SECURE = True
-CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS")
+CSRF_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS")
 COOKIE_SAMESITE = "None"
 SESSION_COOKIE_SAMESITE = "None"

--- a/src/khoj/main.py
+++ b/src/khoj/main.py
@@ -14,7 +14,7 @@ import threading
 import warnings
 from importlib.metadata import version

-from khoj.utils.helpers import in_debug_mode
+from khoj.utils.helpers import in_debug_mode, is_env_var_true

 # Ignore non-actionable warnings
 warnings.filterwarnings("ignore", message=r"snapshot_download.py has been made private", category=FutureWarning)
@@ -73,7 +73,8 @@ app.add_middleware(
        "http://localhost",  # To allow access from Obsidian Android app
        "http://localhost:*",
        "http://127.0.0.1:*",
-        f"https://{KHOJ_DOMAIN}",
+        f"https://{KHOJ_DOMAIN}" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}",
+        f"https://{KHOJ_DOMAIN}:*" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}:*",
        "app://khoj.dev",
    ],
    allow_credentials=True,