Merge pull request 'added CSRF trusted origin config, added tzdata - needed in debug mode' (#22) from sst/some-weird-stuff-with-docker into develop

Reviewed-on: #22 Reviewed-by: Mario Hüttel <mario.huettel@linux.com>
2024-11-21 00:50:08 +01:00 · 2024-11-21 00:50:08 +01:00 · b873b1fd0f
commit b873b1fd0f
parent 841be4f1bb 6e51085210
2 changed files with 4 additions and 1 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -31,5 +31,6 @@ setuptools==75.3.0
 sqlparse==0.4.1
 toml==0.10.2
 typing_extensions==4.12.2
+tzdata==2024.2
 urllib3==2.2.3
 wrapt==1.12.1
--- a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
+++ b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
@ -56,7 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':

 ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]

-
 # Application definition

 INSTALLED_APPS = [
@ -239,4 +238,7 @@ CSRF_COOKIE_SECURE = True

 SECURE_SSL_REDIRECT = False

+# allow detection of https behind "old" nginx
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
 SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)