Fixed CSRF-related issues and profilepictures by starting caddy for development server too. Also improved boostrap script. #15 #16

2023-02-11 18:04:52 +01:00 · 2023-02-11 18:04:52 +01:00 · 01aa31a8a1
commit 01aa31a8a1
parent 5572fec9c1
8 changed files with 99 additions and 41 deletions
--- a/project/settings.py
+++ b/project/settings.py
@ -125,6 +125,11 @@ AUTH_USER_MODEL = "app.User"
 SESSION_COOKIE_AGE = int(config["app"]["session_cookie_age"])
 CSRF_COOKIE_SECURE = True
 SESSION_COOKIE_SECURE = True
+CSRF_TRUSTED_ORIGINS = [
+    f"https://{config['caddy']['host']}",
+    f"http://{config['caddy']['host']}",
+    f"https://{config['caddy']['host']}:{config['caddy']['https_port']}",
+    f"http://{config['caddy']['host']}:{config['caddy']['https_port']}"]

 # Internationalization
 # https://docs.djangoproject.com/en/4.1/topics/i18n/