removed the trusted origin foo again - added proper detection of https
This commit is contained in:
parent
5163834de4
commit
6e51085210
@ -56,8 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
|
||||
|
||||
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
|
||||
|
||||
CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
|
||||
|
||||
# Application definition
|
||||
|
||||
INSTALLED_APPS = [
|
||||
@ -240,4 +238,7 @@ CSRF_COOKIE_SECURE = True
|
||||
|
||||
SECURE_SSL_REDIRECT = False
|
||||
|
||||
# allow detection of https behind "old" nginx
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
|
||||
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)
|
||||
|
Loading…
Reference in New Issue
Block a user