added CSRF trusted origin config, added tzdata - needed in debug mode #22
@ -56,8 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
|
||||
|
||||
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
|
||||
|
||||
CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
|
||||
|
||||
# Application definition
|
||||
mhu marked this conversation as resolved
Outdated
|
||||
|
||||
INSTALLED_APPS = [
|
||||
@ -240,4 +238,7 @@ CSRF_COOKIE_SECURE = True
|
||||
|
||||
SECURE_SSL_REDIRECT = False
|
||||
|
||||
# allow detection of https behind "old" nginx
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
mhu
commented
I don't get this. This should only be a problem, if django actually wants to check for HTTPS. Have you checked that Line #239 says Can you have a look at your Can you also have a look at: This describes some other stuff and mentions a sort of redirect loop, I think you also experienced before, right? I don't get this. This should only be a problem, if django actually wants to check for HTTPS.
I don't need tha toption and everything looks fine.
Have you checked that Line #239 says `
SECURE_SSL_REDIRECT = False` in your case as well when running?
If this is the case:
Can you have a look at your `docker ps` when running it from the docker compose setup and see if the container is "healthy"?
This health check uses a curl command to get a static HTTP OK response. This only works without https, because inside the container there is not https setup.
Can you also have a look at:
https://stackoverflow.com/questions/28001659/django-secure-proxy-ssl-header-requires-referer
This describes some other stuff and mentions a sort of redirect loop, I think you also experienced before, right?
|
||||
|
||||
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)
|
||||
|
This seems very unsafe!