added CSRF trusted origin config, added tzdata - needed in debug mode #22

Merged
mhu merged 2 commits from sst/some-weird-stuff-with-docker into develop 2024-11-21 00:50:08 +01:00
Showing only changes of commit 6e51085210

@ -56,8 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')] ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
# Application definition # Application definition
mhu marked this conversation as resolved Outdated

This seems very unsafe!
INSTALLED_APPS = [ INSTALLED_APPS = [
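Review bot: The CSRF_TRUSTED_ORIGINS line builds its origin by concatenating 'https://' with get_env_value('DJANGO_ALLOWED_HOST'), and that call passes no default, so when the variable is unset the result depends entirely on what get_env_value returns (a failure at settings import, or a malformed trusted origin); the same unguarded value also goes straight into ALLOWED_HOSTS on the line above. The hunk header (-56,8 +56,6) shows two fewer lines after this commit, so if this is the line being dropped, say so in the commit message along with what replaces it; if it stays, guard it on the variable being set, add a comment stating why that origin is trusted, and fix the spacing in `CSRF_TRUSTED_ORIGINS =[`.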
@ -240,4 +238,7 @@ CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
# allow detection of https behind "old" nginx
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

I don't get this. This should only be a problem if Django actually wants to check for HTTPS.
I don't need that option and everything looks fine.

Have you checked that Line #239 says `SECURE_SSL_REDIRECT = False` in your case as well when running?
If this is the case:

Can you have a look at your `docker ps` when running it from the docker compose setup and see if the container is "healthy"?
This health check uses a curl command to get a static HTTP OK response. This only works without HTTPS, because inside the container there is no HTTPS setup.

Can you also have a look at:
https://stackoverflow.com/questions/28001659/django-secure-proxy-ssl-header-requires-referer

This describes some other stuff and mentions a sort of redirect loop, which I think you also experienced before, right?
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120) SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)
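Review bot: SECURE_PROXY_SSL_HEADER is set unconditionally here, so Django will treat any request carrying X-Forwarded-Proto: https as secure, including one a client sends directly if the proxy does not overwrite that header or if the container can be reached without going through nginx. The comment above it only says "allow detection of https behind "old" nginx"; it should state the assumption the setting relies on (nginx sets X-Forwarded-Proto itself and is the only path to the app), or the setting should be made conditional on an environment value the way SECURE_HSTS_SECONDS is on the next line, so that deployments without the proxy do not inherit it.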