Fix CSRF

2025-06-26 04:50:36 +03:00 · 2023-09-18 14:29:23 +03:00 · 2023-09-18 14:29:23 +03:00 · 5d266420e1
commit 5d266420e1
parent 3737942ddc
2 changed files with 7 additions and 2 deletions
--- a/rsconcept/backend/.env.prod
+++ b/rsconcept/backend/.env.prod
@ -4,7 +4,7 @@
 ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
 CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
 CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
-CSRF_COOKIE_DOMAIN=.acconcept.ru
+CSRF_COOKIE_DOMAIN=.portal.acconcept.ru


 # File locations
--- a/rsconcept/backend/project/settings.py
+++ b/rsconcept/backend/project/settings.py
@ -68,7 +68,12 @@ REST_FRAMEWORK = {
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';')
 CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';')
-CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN', 'localhost').split(';')
+
+_domain = os.environ.get('CSRF_COOKIE_DOMAIN', '')
+if _domain != '':
+    CSRF_COOKIE_DOMAIN = _domain
+    SESSION_COOKIE_DOMAIN = _domain
+
 # CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'