Fixed CSRF problem

2022-06-07 10:39:23 +04:30 · 2022-06-07 10:39:23 +04:30 · 26fd76670e
commit 26fd76670e
parent 61a3afbb3b
2 changed files with 4 additions and 1 deletions
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@ -34,6 +34,8 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
 #
 # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
 ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
+# Example: CSRF_TRUSTED_ORIGINS = http://netbox.example.com/*
+CSRF_TRUSTED_ORIGINS = environ.get('CSRF_TRUSTED_ORIGINS', '').split(' ')

 # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
 #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
@ -82,7 +84,7 @@ SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))


 #########################
-#                       #
+#                       #http://localhost
 #   Optional settings   #
 #                       #
 #########################
--- a/env/netbox.env
+++ b/env/netbox.env
@ -1,4 +1,5 @@
 CORS_ORIGIN_ALLOW_ALL=True
+CSRF_TRUSTED_ORIGINS=http://netbox.example.com/*
 DB_HOST=postgres
 DB_NAME=netbox
 DB_PASSWORD=J5brHrAXFLQSif0K