rusackas opened a new pull request, #41299: URL: https://github.com/apache/superset/pull/41299
### SUMMARY

`check_secret_key()` already refuses to start (in non-debug/non-testing mode) when `SECRET_KEY` equals the well-known placeholder constant, logging guidance and exiting. However, an explicitly empty `SECRET_KEY` was not covered: the environment fallback only substitutes the placeholder when the env var is unset, so a deployment that sets `SECRET_KEY = ""` (e.g. in `superset_config.py`) could reach the app with an empty key.

This treats a missing/empty `SECRET_KEY` the same as the placeholder — warn in debug/testing, refuse to start otherwise — closing the remaining gap with the existing guard.

### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A — startup validation behavior.

### TESTING INSTRUCTIONS

Unit tests added in `tests/unit_tests/test_check_secret_key.py`:

- Empty / `None` / placeholder keys fail closed (`SystemExit`) in non-debug mode.
- The same keys warn but start in debug/testing mode.
- A strong key starts with no warning.

Run: `pytest tests/unit_tests/test_check_secret_key.py`

### ADDITIONAL INFORMATION

- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
  - [ ] Migration is atomic, supports rollback & is backwards-compatible
  - [ ] Confirm DB migration upgrade and downgrade tested
  - [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
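The gap described in this pull request, modelled as an added example; it is not code from the pull request or from Superset. `PLACEHOLDER_KEY`, `APP_SECRET_KEY` and all function names are hypothetical stand-ins, and the placeholder value is constructed.

```python
import logging

logger = logging.getLogger("secret_key_guard")

# Constructed stand-ins: not the project's real constant or env var name.
PLACEHOLDER_KEY = "<WELL_KNOWN_PLACEHOLDER>"
ENV_VAR = "APP_SECRET_KEY"
UNSET = object()  # marks "config file did not set the key"


def resolve_key(environ, config_value=UNSET):
    """Env fallback substitutes the placeholder only when the var is unset;
    an explicit config value (even "" or None) overrides it."""
    key = environ.get(ENV_VAR, PLACEHOLDER_KEY)
    return key if config_value is UNSET else config_value


def enforce(insecure, debug, testing):
    """Warn in debug/testing, refuse to start otherwise."""
    if not insecure:
        return "ok"
    if debug or testing:
        logger.warning("Insecure SECRET_KEY; allowed only in debug/testing")
        return "warned"
    logger.error("Refusing to start: set a strong, random SECRET_KEY")
    raise SystemExit(1)


def placeholder_only_guard(key, debug=False, testing=False):
    """Guard as described before the change: only the placeholder is caught."""
    return enforce(key == PLACEHOLDER_KEY, debug, testing)


def fail_closed_guard(key, debug=False, testing=False):
    """Guard as described after the change: missing/empty counts as insecure."""
    return enforce(not key or key == PLACEHOLDER_KEY, debug, testing)


if __name__ == "__main__":
    empty = resolve_key({}, config_value="")       # SECRET_KEY = "" in config
    print(placeholder_only_guard(empty))           # empty key slips through
    print(fail_closed_guard(empty, debug=True))    # warns but starts
    try:
        fail_closed_guard(empty)                   # production: fail closed
    except SystemExit as exc:
        print("exit code", exc.code)
```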
