fix: add csrf config

2024-01-14 15:12:07 +01:00 · 2024-01-14 15:12:07 +01:00 · fe496e85f8
parent ea5e223fcc
commit fe496e85f8
2 changed files with 12 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1,9 @@
+SPEJSTORE_CLIENT_ID=OAUTH_ID
+SPEJSTORE_SECRET=OAUTH_SECRET
+SPEJSTORE_ENV=prod
+SPEJSTORE_DB_NAME=postgres
+SPEJSTORE_DB_PASSWORD=postgres
+SPEJSTORE_DB_USER=postgres
+SPEJSTORE_DB_HOST=db
+SPEJSTORE_HOST="https://inventory.hackerspace.pl"
+SPEJSTORE_LABEL_API=https://label.waw.hackerspace.pl
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@ -38,6 +38,8 @@ ALLOWED_HOSTS = env(
 ).split(",")
 LOGIN_REDIRECT_URL = "/admin/"

+CSRF_TRUSTED_ORIGINS = env("HOST", "https://inventory.hackerspace.pl").split(",")
+

 # Application definition

@ -225,3 +227,4 @@ LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
 LOGIN_URL = "/admin/login/"
 # Local LAN address space
 LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "")
+ALLOWED_HOSTS = ["0.0.0.0", "localhost"]