mhu/shimatta-kenkyusho
2
0
Fork 0
Code Issues 13 Pull Requests 1 Releases Wiki Activity

removed the trusted origin foo again - added proper detection of https

Browse Source
This commit is contained in:
Stefan Strobel 2024-11-19 23:31:56 +01:00
parent 5163834de4
commit 6e51085210
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
View File

@ -56,8 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')] ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
@ -240,4 +238,7 @@ CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
# allow detection of https behind "old" nginx
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120) SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)