Message ID | 378ae0d018d956e5ae242844bed48087d8d37831.1696621423.git.tim.orling@konsulko.com |
---|---|
State | New |
Headers | show |
Series | Django 4.2 LTS Upgrade | expand |
diff --git a/docker/settings.py b/docker/settings.py index a73178c..33ab332 100644 --- a/docker/settings.py +++ b/docker/settings.py @@ -307,6 +307,7 @@ TOOLS_LOG_DIR = "" USE_X_FORWARDED_HOST = True ALLOWED_HOSTS = [os.getenv('HOSTNAME', 'layers.test')] +CSRF_TRUSTED_ORIGINS = ['https://' + os.getenv('HOSTNAME', 'layers.test')] SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True
In addition to ALLOWED_HOSTS, we now must have CSRF_TRUSTED_ORIGINS defined. This variable requires the scheme (http:// or https://). Like ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS is a list of strings, with one entry for each host which is trusted for POST requests. https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins Signed-off-by: Tim Orling <tim.orling@konsulko.com> --- docker/settings.py | 1 + 1 file changed, 1 insertion(+)