bito-code-review[bot] commented on PR #35818:
URL: https://github.com/apache/superset/pull/35818#issuecomment-3436439388
<details open>
<summary><strong>Interaction Diagram by <a href="https://bito.ai#sequence_diagram">Bito</a></strong></summary>
```mermaid
sequenceDiagram
participant APP as Flask App
participant CFG as config.py<br/>🔄 Updated | ●●● High
participant INIT as SupersetAppInitializer
participant SEC as Security Validator<br/>🔄 Updated | ●●○ Medium
participant ENC as Encryption Utils<br/>🔄 Updated | ●●○ Medium
participant OAUTH as OAuth2 Service<br/>🔄 Updated | ●●○ Medium
Note over CFG: Hardcoded SECRET_KEY added<br/>bypasses env/default logic
APP->>CFG: Load configuration
CFG-->>APP: Return hardcoded SECRET_KEY
APP->>INIT: Initialize app with config
INIT->>SEC: check_secret_key()
SEC-->>INIT: Validation passed (no default key)
INIT->>ENC: Configure encryption with SECRET_KEY
INIT->>OAUTH: Configure JWT signing with SECRET_KEY
ENC-->>APP: Encryption services ready
OAUTH-->>APP: OAuth2 token services ready
```
Critical path: Flask App->config.py->SupersetAppInitializer->Security Validator->Encryption Utils->OAuth2 Service

> **Note:** The hardcoded SECRET_KEY in config.py bypasses the default environment variable and fallback logic. This impacts security validation (no longer triggers default key warnings), encryption utilities, and OAuth2 JWT token signing throughout the application startup flow.
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
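
The flow in the diagram above, as an added example that is not part of the bot's comment or Superset's code: a default-key check accepts any literal value, while an AST scan of the config source flags the hardcoded assignment at review time. The config strings, the `CHANGE_ME_SECRET_KEY` marker, the `SUPERSET_SECRET_KEY` variable name and all function names are assumptions made for this sketch.

```python
import ast
import os
from unittest import mock

# Assumed names, modeled on the flow in the diagram; not copied from Superset.
DEFAULT_MARKER = "CHANGE_ME_SECRET_KEY"
ENV_VAR = "SUPERSET_SECRET_KEY"

# Constructed config source using the env/default fallback.
ENV_BACKED = '''
import os
CHANGE_ME_SECRET_KEY = "CHANGE_ME_SECRET_KEY"
SECRET_KEY = os.environ.get("SUPERSET_SECRET_KEY") or CHANGE_ME_SECRET_KEY
'''
# Same source with a later literal assignment (constructed value, not a real key).
HARDCODED = ENV_BACKED + 'SECRET_KEY = "constructed-sample-not-a-real-key"\n'


def effective_key(source: str, env: dict) -> str:
    """Execute the constructed config under a controlled environment."""
    with mock.patch.dict(os.environ, env, clear=True):
        namespace: dict = {}
        exec(source, namespace)
    return namespace["SECRET_KEY"]


def default_key_check(secret_key: str) -> bool:
    """Startup-style check: passes for any value other than the default marker."""
    return secret_key != DEFAULT_MARKER


def literal_secret_assignments(source: str, name: str = "SECRET_KEY") -> list:
    """Line numbers where `name` is assigned a string literal (review/CI check)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        named = any(isinstance(t, ast.Name) and t.id == name for t in targets)
        if named and isinstance(value, ast.Constant) and isinstance(value.value, str):
            hits.append(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    key = effective_key(HARDCODED, {ENV_VAR: "value-from-env"})
    print("default-key check passes:", default_key_check(key))
    print("literal assignment at lines:", literal_secret_assignments(HARDCODED))
```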