ca_bundle

2026-05-11 11:00:03 +12:00
parent 9130629b58
commit 94712fc7fd
4 changed files with 33 additions and 1 deletions
@@ -69,10 +69,25 @@ SESSION_SECRET_KEY="<output-from-python-command>"
 AZURE_TENANT_ID="<your-tenant-id>"
 AZURE_CLIENT_ID="<your-client-id>"
 AZURE_CLIENT_SECRET="<your-client-secret>"
+AZURE_OAUTH_VERIFY_SSL="true"
 ```

 The app automatically loads `.env` on startup.

+### Corporate Firewall / SSL Interception
+
+If `/login` fails with `SSL:CERTIFICATE_VERIFY_FAILED` behind a corporate proxy/firewall, prefer trusting your corporate CA:
+
+```bash
+AZURE_OAUTH_CA_BUNDLE="/path/to/corporate-root-ca.pem"
+```
+
+For local dev only, you can temporarily disable verification:
+
+```bash
+AZURE_OAUTH_VERIFY_SSL="false"
+```
+
 ## Run Locally (Using uv)

 1. Create a virtual environment: