Minor cleanup before upstream

Author: zacps

.env

@@ -180,7 +180,7 @@ ADMIN_API_SECRET=# secret to admin API calls, like computing usage stats or expo
 # These values cannot be updated at runtime
 # They need to be passed when building the docker image
 # See https://github.com/huggingface/chat-ui/main/.github/workflows/deploy-prod.yml#L44-L47
-APP_BASE="" # base path of the app, e.g. /chat, left blank as default
+APP_BASE="/" # base path of the app, e.g. /chat
 PUBLIC_APP_COLOR=blue # can be any of tailwind colors: https://tailwindcss.com/docs/customizing-colors#default-color-palette
 ### Body size limit for SvelteKit https://svelte.dev/docs/kit/adapter-node#Environment-variables-BODY_SIZE_LIMIT
 BODY_SIZE_LIMIT=15728640

README.md

@@ -213,6 +213,7 @@ OPENID_CONFIG=`{
   SCOPES: "openid profile",
   TOLERANCE: // optional
   RESOURCE: // optional
+  PROVIDER: // required only for group-based permissions
 }`
 ```
 
@@ -343,7 +344,8 @@ If [logging in with OpenID](#openid-connect) via a supported provider, then user
 
 For all providers, see the following. Then, see additional instructions for your provider below.
 
-1. Add `PROVIDER: "<provider-name-here>"` to your `.env.local` (you will enter the actual provider name later). Also, add `groups` to the `OPENID_CONFIG.SCOPES` field in your `.env.local` file:
+1. Add `PROVIDER: "<provider-name-here>"` to your `.env.local`. Also, add `groups` to the `OPENID_CONFIG.SCOPES` field in your `.env.local` file:
+
 ```env
 OPENID_CONFIG=`{
   // rest of OPENID_CONFIG here
@@ -358,8 +360,6 @@ OPENID_CONFIG=`{
 > [!WARNING]
 > The first model in your `.env.local` file is considered the "default" model and should be available to all users, so we strongly recommend against setting `allowed_groups` for this model.
 
-> Note that during development, it is common to have `APP_BASE=""` in your `.env.local` - however, due to the cookies created by using a provider, this value should not be empty (e.g. setting `APP_BASE="/"` in `.env.local` would work).
-
 #### Provider: Microsoft Entra
 
 In order to enable use of [Microsoft Entra Security Groups](https://learn.microsoft.com/en-us/entra/fundamentals/concept-learn-about-groups) to show/hide models, do the following:
@@ -376,9 +376,8 @@ In order to enable use of [Microsoft Entra Security Groups](https://learn.micros
 ```
 
 3. Finally, configure your app in Microsoft Entra so that the app can access user groups via the MS Graph API:
-    - [Add groups claim](https://learn.microsoft.com/en-gb/entra/identity-platform/optional-claims?tabs=appui#configure-groups-optional-claims) to your app
-    - [Enable ID Tokens](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#enable-id-tokens) for your app
-
+   - [Add groups claim](https://learn.microsoft.com/en-gb/entra/identity-platform/optional-claims?tabs=appui#configure-groups-optional-claims) to your app
+   - [Enable ID Tokens](https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc#enable-id-tokens) for your app
 
 #### Running your own models using a custom endpoint
 

src/hooks.server.ts

@@ -231,7 +231,8 @@ export const handle: Handle = async ({ event, resolve }) => {
 				...(envPublic.PUBLIC_ORIGIN ? [new URL(envPublic.PUBLIC_ORIGIN).host] : []),
 			];
 
-			// origin is null for some reason when the POST request callback comes from an auth provider like MS entra so we skip this check (CSRF token is still validated)
+			// origin is null when the POST request callback comes from an auth provider like MS entra
+			// so we skip this check (CSRF token is still validated)
 			if (
 				event.url.pathname !== `${base}/login/callback` &&
 				!validOrigins.includes(new URL(origin).host)