From 7f20742fcf20b1bdacd953fe783b1f411c14540b Mon Sep 17 00:00:00 2001
From: Kimi Agent <kimi@timmy.local>
Date: Thu, 19 Mar 2026 15:52:29 -0400
Subject: [PATCH] fix: replace hardcoded secret placeholder in CSRF middleware
 docstring (#488)

Co-authored-by: Kimi Agent <kimi@timmy.local>
Co-committed-by: Kimi Agent <kimi@timmy.local>
---
 src/dashboard/middleware/csrf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dashboard/middleware/csrf.py b/src/dashboard/middleware/csrf.py
index d607e1f..826ea46 100644
--- a/src/dashboard/middleware/csrf.py
+++ b/src/dashboard/middleware/csrf.py
@@ -100,7 +100,7 @@ class CSRFMiddleware(BaseHTTPMiddleware):
             ...
 
     Usage:
-        app.add_middleware(CSRFMiddleware, secret="your-secret-key")
+        app.add_middleware(CSRFMiddleware, secret=settings.csrf_secret)
 
     Attributes:
         secret: Secret key for token signing (optional, for future use).