CU-8694gtycm: latest Django CSRF protections to be used now.
tomolopolis committed Jul 2, 2024
1 parent 40e986d commit 562367f
Showing 2 changed files with 7 additions and 2 deletions.
3 changes: 3 additions & 0 deletions envs/env
Expand Up @@ -7,6 +7,9 @@ MEDCAT_CONFIG_FILE=/home/configs/base.txt
### Deployment Realm ###
ENV=non-prod

# Complete once this is deployed
CSRF_TRUSTED_ORIGINS=

### Django debug setting - to live-reload etc. ###
DEBUG=True
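
Review bot: The new `CSRF_TRUSTED_ORIGINS=` entry is documented only by "Complete once this is deployed", which does not say what format the value must take. settings.py in this commit splits the value on `,` without trimming, so the comment should state that this is a comma-separated list of full origins including the scheme, with no spaces between entries. Shipping the key with an empty value may also define the variable as an empty string rather than leave it unset, depending on how this file is loaded; consider commenting the line out until a real value is known.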

6 changes: 4 additions & 2 deletions webapp/api/core/settings.py
Expand Up @@ -20,9 +20,11 @@
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

environ_origins = os.environ.get('CSRF_TRUSTED_ORIGINS', None)
trusted_origins = [] if environ_origins is None else environ_origins.split(',')
CSRF_TRUSTED_ORIGINS = ['https://127.0.0.1:8001', 'http://localhost:8001'] + trusted_origins

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
SECURE_CROSS_ORIGIN_OPENER_POLICY = None

# SECURITY WARNING: keep the secret key used in production secret!
realm = os.environ.get('ENV', 'non-prod')
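
Review bot: The `environ_origins is None` check on the `trusted_origins` line does not cover an empty value. envs/env in this commit ships `CSRF_TRUSTED_ORIGINS=`, and if that reaches the process as an empty string, `''.split(',')` returns `['']`, so an empty entry is appended to `CSRF_TRUSTED_ORIGINS`. Django 4.0 and later require every entry to start with a scheme and raise a system-check error otherwise. Entries are also not stripped, so a value written as `a, b` yields ` b` with a leading space, which will never match a request origin. Suggest defaulting to `''` and filtering, for example `trusted_origins = [o.strip() for o in environ_origins.split(',') if o.strip()]`. Separately, the two hard-coded local origins on port 8001 are trusted whatever `ENV` is set to; consider adding them only when the realm is non-prod.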