From fe496e85f8510c8a6e374ba15e8e103507bf3455 Mon Sep 17 00:00:00 2001 From: Dariusz Niemczyk Date: Sun, 14 Jan 2024 15:12:07 +0100 Subject: [PATCH] fix: add csrf config --- .env.example | 9 +++++++++ spejstore/settings.py | 3 +++ 2 files changed, 12 insertions(+) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..e348cde --- /dev/null +++ b/.env.example @@ -0,0 +1,9 @@ +SPEJSTORE_CLIENT_ID=OAUTH_ID +SPEJSTORE_SECRET=OAUTH_SECRET +SPEJSTORE_ENV=prod +SPEJSTORE_DB_NAME=postgres +SPEJSTORE_DB_PASSWORD=postgres +SPEJSTORE_DB_USER=postgres +SPEJSTORE_DB_HOST=db +SPEJSTORE_HOST="https://inventory.hackerspace.pl" +SPEJSTORE_LABEL_API=https://label.waw.hackerspace.pl diff --git a/spejstore/settings.py b/spejstore/settings.py index 67baaf8..be9f145 100644 --- a/spejstore/settings.py +++ b/spejstore/settings.py @@ -38,6 +38,8 @@ ALLOWED_HOSTS = env( ).split(",") LOGIN_REDIRECT_URL = "/admin/" +CSRF_TRUSTED_ORIGINS = env("HOST", "https://inventory.hackerspace.pl").split(",") + # Application definition @@ -225,3 +227,4 @@ LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567") LOGIN_URL = "/admin/login/" # Local LAN address space LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "") +ALLOWED_HOSTS = ["0.0.0.0", "localhost"]