
Incorrect redis caching #5726

@safonovklim

Description


How are you running Flagsmith

  • Self Hosted with Docker
  • Self Hosted with Kubernetes
  • SaaS at flagsmith.com
  • Some other way (add details in description below)

Describe the bug

Hello guys,

I discovered a bug: our self-hosted instance started to serve the same environment flags regardless of x-environment-key.

```shell
curl 'https://self-hosted-url/api/v1/flags/' \
  -H 'x-environment-key: [REDACTED]'
```

We have one active organization and two projects.
Project A is the main project (used on backend/mobile/etc.)
Project B is internal for FLAGSMITH_ON_FLAGSMITH_* and Google SSO purposes

I suspect redis caching is the issue. Our environment variables:

```hcl
# TODO: cache
# https://docs.djangoproject.com/en/4.2/topics/cache/
{ name = "ENVIRONMENT_CACHE_SECONDS", value = "60" },
{ name = "ENVIRONMENT_CACHE_BACKEND", value = "django.core.cache.backends.redis.RedisCache" },
{ name = "ENVIRONMENT_CACHE_LOCATION", value = "redis://${module.cache.primary_endpoint_address}:${module.cache.port}" },

{ name = "GET_FLAGS_ENDPOINT_CACHE_SECONDS", value = "60" },
{ name = "GET_IDENTITIES_ENDPOINT_CACHE_SECONDS", value = "15" },

{ name = "GET_FLAGS_ENDPOINT_CACHE_BACKEND", value = "django.core.cache.backends.redis.RedisCache" },
{ name = "GET_IDENTITIES_ENDPOINT_CACHE_BACKEND", value = "django.core.cache.backends.redis.RedisCache" },

{ name = "GET_FLAGS_ENDPOINT_CACHE_LOCATION", value = "redis://${module.cache.primary_endpoint_address}:${module.cache.port}" },
{ name = "GET_IDENTITIES_ENDPOINT_CACHE_LOCATION", value = "redis://${module.cache.primary_endpoint_address}:${module.cache.port}" },
```

Once we started using environment flags on one of our backend services, this endpoint started serving all flags from Project A despite passing Project B credentials.

Steps To Reproduce

I verified it multiple times inside the browser console and confirmed that the key was Project B's, but the values were from Project A.
Additionally, I tried to create a second organization and a third Project C, but the issue still exists.
I tried to recycle containers and upgrade to the latest 2.186.0, but the issue still exists.

As a workaround, I added the oauth_google flag to Project A (main) and Google SSO appears again.

I suspect the environment data is cached incorrectly with the redis backend and served for all valid client keys.

Expected behavior

Client keys can access their own data only.

Screenshots

Project B or Project C:

(screenshot)

This project has only one feature flag: oauth_google

(screenshot)

Requesting with the same API key, but different flags returned:

(screenshot)
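A check a reader can run against their own deployment to confirm the symptom described in this issue, added here as example code that is not part of Flagsmith or of the report: it fetches /api/v1/flags/ with several environment keys and reports any two keys that receive the identical feature set. The base URL, the environment keys and the sample payloads are constructed placeholders, and the payload shape (a list of feature states carrying feature.name) is assumed.

```python
# Check whether /api/v1/flags/ answers different x-environment-key values with
# the same payload (the cross-environment cache symptom in this issue).
import json
import urllib.request

FLAGS_PATH = "/api/v1/flags/"


def fetch_flags(base_url: str, environment_key: str) -> list:
    """GET the flags endpoint with one client-side environment key."""
    req = urllib.request.Request(base_url.rstrip("/") + FLAGS_PATH,
                                 headers={"x-environment-key": environment_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def feature_names(flags: list) -> frozenset:
    """Reduce a flags payload to the set of feature names it contains."""
    return frozenset(f["feature"]["name"] for f in flags)


def find_shared_payloads(responses: dict) -> list:
    """Return pairs of environment keys whose flag payloads are identical.

    Keys from different projects must never share a feature set, so an
    identical payload for two such keys points at a cache entry stored
    without the environment key as part of its cache key.
    """
    keys = sorted(responses)
    return [(a, b) for i, a in enumerate(keys) for b in keys[i + 1:]
            if feature_names(responses[a]) == feature_names(responses[b])]


# Constructed sample mirroring the report: Project A's backend flags,
# Project B exposing only oauth_google, and a Project C key that is being
# answered with Project A's cached payload.
SAMPLE = {
    "envkey-project-a": [{"feature": {"name": "new_checkout"}, "enabled": True},
                         {"feature": {"name": "rate_limit"}, "enabled": False}],
    "envkey-project-b": [{"feature": {"name": "oauth_google"}, "enabled": True}],
    "envkey-project-c": [{"feature": {"name": "new_checkout"}, "enabled": True},
                         {"feature": {"name": "rate_limit"}, "enabled": False}],
}

if __name__ == "__main__":
    # Offline run on the sample; call fetch_flags(base_url, key) per key
    # and pass the results to find_shared_payloads() to check a deployment.
    for a, b in find_shared_payloads(SAMPLE):
        print(f"keys {a!r} and {b!r} returned the same feature set")
```

Environments within one project legitimately share feature names, so compare keys from different projects; otherwise the check reports an expected match.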

Labels: bug (Something isn't working)