ConceptProd/ConceptPortal-public
1
0
Fork 0
mirror of https://github.com/IRBorisov/ConceptPortal.git synced 2025-06-26 13:00:39 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix CSRF

Browse Source
This commit is contained in:
IRBorisov 2023-09-18 14:29:23 +03:00
parent 3737942ddc
commit 5d266420e1
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rsconcept/backend/.env.prod
View File

@ -4,7 +4,7 @@
ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
CSRF_COOKIE_DOMAIN=.acconcept.ru CSRF_COOKIE_DOMAIN=.portal.acconcept.ru
# File locations # File locations

7
rsconcept/backend/project/settings.py
View File

@ -68,7 +68,12 @@ REST_FRAMEWORK = {
CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_CREDENTIALS = True
CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';') CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';')
CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';') CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';')
CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN', 'localhost').split(';')
_domain = os.environ.get('CSRF_COOKIE_DOMAIN', '')
if _domain != '':
CSRF_COOKIE_DOMAIN = _domain
SESSION_COOKIE_DOMAIN = _domain
# CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' # CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'