Merge pull request #139 from ZdruzenieSTROM/csrf-galiba

CSRF
ZdruzenieSTROM · Aug 21, 2024 · f94719b · f94719b
2 parents 8b58f44 + 39b2bfa
commit f94719b
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 10 deletions.
diff --git a/compose-test.yaml b/compose-test.yaml
@@ -5,7 +5,7 @@ services:
     build:
       context: .
       args:
-        SETTINGS_MODULE: mas_problem.settings.settings
+        SETTINGS_MODULE: mas_problem.settings.test_settings
     ports:
       - "8630:8000"
     volumes:

diff --git a/mas_problem/settings/prod_settings.py b/mas_problem/settings/prod_settings.py
@@ -1,4 +1,7 @@
-from .settings import *  # pylint: disable=unused-wildcard-import, wildcard-import
+from .test_settings import *  # pylint: disable=unused-wildcard-import, wildcard-import
 
 DEBUG = False
 
+ALLOWED_HOSTS = [
+    "masproblem.strom.sk",
+]
diff --git a/mas_problem/settings/settings.py b/mas_problem/settings/settings.py
@@ -31,14 +31,8 @@ def read_secret(secret_name: str) -> str:
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = ['masproblem.strom.sk',
-                 'masproblemtest.strom.sk', 'localhost']
-
-CSRF_TRUSTED_ORIGINS = ['https://masproblem.strom.sk',
-                        'https://www.masproblem.strom.sk',
-                        'http://masproblemtest.strom.sk',
-                        'http://www.masproblemtest.strom.sk'
-                        ]
+ALLOWED_HOSTS = []
+
 SITE_ID = 1
 
 # Application definition

diff --git a/mas_problem/settings/test_settings.py b/mas_problem/settings/test_settings.py
@@ -0,0 +1,9 @@
+from .settings import * # pylint: disable=unused-wildcard-import, wildcard-import
+
+ALLOWED_HOSTS = [
+    'masproblemtest.strom.sk',
+]
+
+USE_X_FORWARDED_HOST = True
+
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")