added CSRF trusted origin config, added tzdata - needed in debug mode #22

Merged
mhu merged 2 commits from sst/some-weird-stuff-with-docker into develop 2024-11-21 00:50:08 +01:00
2 changed files with 4 additions and 1 deletions

View File

@ -31,5 +31,6 @@ setuptools==75.3.0
sqlparse==0.4.1 sqlparse==0.4.1
toml==0.10.2 toml==0.10.2
typing_extensions==4.12.2 typing_extensions==4.12.2
tzdata==2024.2
urllib3==2.2.3 urllib3==2.2.3
wrapt==1.12.1 wrapt==1.12.1

View File

@ -56,7 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')] ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
@ -239,4 +238,7 @@ CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
# allow detection of https behind "old" nginx
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
Review

I don't get this. This should only be a problem, if django actually wants to check for HTTPS.
I don't need tha toption and everything looks fine.

Have you checked that Line #239 says SECURE_SSL_REDIRECT = False in your case as well when running?
If this is the case:

Can you have a look at your docker ps when running it from the docker compose setup and see if the container is "healthy"?
This health check uses a curl command to get a static HTTP OK response. This only works without https, because inside the container there is not https setup.

Can you also have a look at:
https://stackoverflow.com/questions/28001659/django-secure-proxy-ssl-header-requires-referer

This describes some other stuff and mentions a sort of redirect loop, I think you also experienced before, right?

I don't get this. This should only be a problem, if django actually wants to check for HTTPS. I don't need tha toption and everything looks fine. Have you checked that Line #239 says ` SECURE_SSL_REDIRECT = False` in your case as well when running? If this is the case: Can you have a look at your `docker ps` when running it from the docker compose setup and see if the container is "healthy"? This health check uses a curl command to get a static HTTP OK response. This only works without https, because inside the container there is not https setup. Can you also have a look at: https://stackoverflow.com/questions/28001659/django-secure-proxy-ssl-header-requires-referer This describes some other stuff and mentions a sort of redirect loop, I think you also experienced before, right?
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120) SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)