docker/settings.py: add CSRF_TRUSTED_ORIGINS

In addition to ALLOWED_HOSTS, we now must have CSRF_TRUSTED_ORIGINS defined.
This variable requires the scheme (http:// or https://).

Like ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS is a list of strings, with one
entry for each host which is trusted for POST requests.

https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
This commit is contained in:
Tim Orling 2023-10-06 08:38:13 -07:00
parent 7dcdd0e2a1
commit 378ae0d018

@ -307,6 +307,7 @@ TOOLS_LOG_DIR = ""
USE_X_FORWARDED_HOST = True
ALLOWED_HOSTS = [os.getenv('HOSTNAME', 'layers.test')]
CSRF_TRUSTED_ORIGINS = ['https://' + os.getenv('HOSTNAME', 'layers.test')]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
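
Review bot: the added CSRF_TRUSTED_ORIGINS line hard-codes the 'https://' scheme and builds exactly one origin from HOSTNAME, while the commit message describes a list with one entry per trusted host and a scheme that may be http:// or https://. As written, the entry only covers https on the default port for a single hostname, so any other origin that has to be trusted (plain http, a non-default port, an additional hostname) cannot be configured without editing this file. Consider reading the origins from their own environment variable (for example a comma-separated value, the variable name being the project's choice) with 'https://' + HOSTNAME as the fallback, and add a short comment above the line stating that each entry must include the scheme. Keeping the entries to exact origins rather than broad wildcard patterns preserves the point of the check.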