Fix subdomain csrf

2025-06-26 13:00:39 +03:00 · 2023-09-18 14:11:48 +03:00 · 2023-09-18 14:11:48 +03:00 · 3737942ddc
commit 3737942ddc
parent 77b577c9f8
2 changed files with 2 additions and 1 deletions
--- a/rsconcept/backend/.env.prod
+++ b/rsconcept/backend/.env.prod
@ -4,6 +4,7 @@
 ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
 CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
 CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
+CSRF_COOKIE_DOMAIN=.acconcept.ru


 # File locations
--- a/rsconcept/backend/project/settings.py
+++ b/rsconcept/backend/project/settings.py
@ -68,7 +68,7 @@ REST_FRAMEWORK = {
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';')
 CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';')
-# CSRF_COOKIE_NAME = 'csrftoken'
+CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN', 'localhost').split(';')
 # CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'