Merge pull request #83 from snypy/fix-admin-csrf

Add config option for csrf trusted origins
snypy · May 11, 2022 · 8ac26b3 · 8ac26b3
2 parents b003aba + 691977b
commit 8ac26b3
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/.env.example b/.env.example
@@ -2,6 +2,7 @@ DEBUG=True
 SECRET_KEY=changeme!
 ALLOWED_HOSTS=localhost,127.0.0.1
 CORS_ORIGIN_WHITELIST=http://localhost,http://127.0.0.1
+CSRF_TRUSTED_ORIGINS=http://localhost,http://127.0.0.1
 REGISTER_VERIFICATION_URL=http://localhost:4200/verify-user/
 RESET_PASSWORD_VERIFICATION_URL=http://localhost:4200/reset-password/
 REGISTER_EMAIL_VERIFICATION_URL=http://localhost:4200/verify-email/

diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
@@ -12,6 +12,7 @@ jobs:
       ALLOWED_HOSTS: localhost,127.0.0.1
       DATABASE_URL: sqlite:////tmp/db.sqlite3
       CORS_ORIGIN_WHITELIST: "http://localhost,http://127.0.0.1"
+      CSRF_TRUSTED_ORIGINS: "http://localhost"
       REGISTER_VERIFICATION_URL: "http://localhost:4200/verify-user/"
       RESET_PASSWORD_VERIFICATION_URL: "http://localhost:4200/reset-password/"
       REGISTER_EMAIL_VERIFICATION_URL: "http://localhost:4200/verify-email/"

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -10,6 +10,7 @@ jobs:
       ALLOWED_HOSTS: localhost,127.0.0.1
       DATABASE_URL: sqlite:////tmp/db.sqlite3
       CORS_ORIGIN_WHITELIST: "http://localhost,http://127.0.0.1"
+      CSRF_TRUSTED_ORIGINS: "http://localhost"
       REGISTER_VERIFICATION_URL: "http://localhost:4200/verify-user/"
       RESET_PASSWORD_VERIFICATION_URL: "http://localhost:4200/reset-password/"
       REGISTER_EMAIL_VERIFICATION_URL: "http://localhost:4200/verify-email/"

diff --git a/snypy/snypy/settings.py b/snypy/snypy/settings.py
@@ -20,6 +20,7 @@
 DEBUG = env("DEBUG")
 
 ALLOWED_HOSTS = env.list("ALLOWED_HOSTS")
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS")
 
 # Application definition