
Merge pull request #442 from seanmorley15/development

Development
This commit is contained in:
Sean Morley 2025-01-13 19:55:15 -05:00 committed by GitHub
commit 187f4c0a4f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 39 additions and 9 deletions


@ -31,12 +31,16 @@ class OverrideHostMiddleware:
def __init__(self, get_response): def __init__(self, get_response):
self.get_response = get_response self.get_response = get_response
def __call__(self, request: HttpRequest): def __call__(self, request):
# Override the host with the PUBLIC_URL environment variable
public_url = os.getenv('PUBLIC_URL', None) public_url = os.getenv('PUBLIC_URL', None)
if public_url: if public_url:
# Split the public URL to extract the host and port (if available) # Extract host and scheme
host = public_url.split("//")[-1].split("/")[0] scheme, host = public_url.split("://")
request.META['HTTP_HOST'] = host # Override the HTTP_HOST header request.META['HTTP_HOST'] = host
request.META['wsgi.url_scheme'] = scheme
# Set X-Forwarded-Proto for Django
request.META['HTTP_X_FORWARDED_PROTO'] = scheme
response = self.get_response(request) response = self.get_response(request)
return response return response
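Review bot: `scheme, host = public_url.split("://")` raises ValueError on every request when PUBLIC_URL has no scheme (e.g. `example.com`), and when PUBLIC_URL carries a path (`https://example.com/app`) the path stays in `host`, which the previous `.split("/")[0]` stripped and which Django's host validation would reject. Parsing with the standard library avoids both: `parts = urlsplit(public_url)` then `scheme, host = parts.scheme, parts.netloc`, with `from urllib.parse import urlsplit` added at the top of the file (outside the hunk). Since `HTTP_X_FORWARDED_PROTO` is now written from this value and the settings in this commit make `request.is_secure()` depend on that header, a comment such as `# Must run before any middleware that calls request.is_secure()` would document the ordering requirement; the middleware's position in MIDDLEWARE is not visible here.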


@ -139,6 +139,8 @@ SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) >
# Static files (CSS, JavaScript, Images) # Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/ # https://docs.djangoproject.com/en/1.7/howto/static-files/
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
BASE_DIR = Path(__file__).resolve().parent.parent BASE_DIR = Path(__file__).resolve().parent.parent
STATIC_ROOT = BASE_DIR / "staticfiles" STATIC_ROOT = BASE_DIR / "staticfiles"
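Review bot: `SECURE_PROXY_SSL_HEADER` is set unconditionally, but Django's documentation restricts it to deployments where a proxy always overwrites `X-Forwarded-Proto`; on a plain-HTTP deployment without PUBLIC_URL set, the new middleware never touches the header and a client-supplied value then decides `request.is_secure()`, so secure-cookie and HTTPS-redirect decisions become client-controlled. Tying the setting to the same condition the middleware uses keeps the two consistent: `if os.getenv('PUBLIC_URL'):` / `    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` (assuming `os` is imported in this settings module; verify). It is also placed between the static-files comment and `BASE_DIR`, where a reader would not look for a proxy/security setting; moving it next to the other SESSION_COOKIE_* settings with a comment naming OverrideHostMiddleware as the header's source would help.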


@ -36,13 +36,37 @@ export const actions: Actions = {
method: 'DELETE', method: 'DELETE',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`, 'X-CSRFToken': csrfToken, // Ensure CSRF token is in header
'X-CSRFToken': csrfToken Referer: event.url.origin, // Include Referer header
Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
}, },
credentials: 'include' credentials: 'include'
}); });
if (res.status == 401) {
event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' }); // Determine the proper cookie domain
const hostname = event.url.hostname;
const domainParts = hostname.split('.');
let cookieDomain: string | undefined = undefined;
if (domainParts.length > 2) {
// For subdomains like app.mydomain.com -> .mydomain.com
cookieDomain = '.' + domainParts.slice(-2).join('.');
} else if (domainParts.length === 2) {
// For root domains like mydomain.com -> .mydomain.com
cookieDomain = '.' + hostname;
} else {
// For localhost or single-part domains (e.g., "localhost")
cookieDomain = undefined; // Do not set the domain
}
// Delete the session cookie
event.cookies.delete('sessionid', {
path: '/',
secure: event.url.protocol === 'https:',
domain: cookieDomain
});
if (res.status === 401) {
return redirect(302, '/login'); return redirect(302, '/login');
} else { } else {
return redirect(302, '/'); return redirect(302, '/');
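Review bot: The domain derivation at `const domainParts = hostname.split('.')` treats every dotted hostname as a DNS name, so an IP-address deployment (`192.168.1.10`) yields `domain: '.1.10'` and a public-suffix host like `app.example.co.uk` yields `.co.uk`; a browser ignores an expiring Set-Cookie whose domain does not match the one the session cookie was set with, so in those cases the logout leaves `sessionid` in place (inferred from cookie-matching rules, not from visible code). The server side in this commit uses the same last-two-labels rule for `SESSION_COOKIE_DOMAIN`, so the two agree on ordinary DNS names, but neither handles IP or multi-label-suffix hosts. A minimal guard skips the domain for IP-like hosts and collapses the two DNS branches, which are identical when the length is exactly 2: `const ipLike = /^[\d.]+$/.test(hostname) || hostname.includes(':');` / `cookieDomain = ipLike || domainParts.length < 2 ? undefined : '.' + domainParts.slice(-2).join('.');`. The `let cookieDomain: string | undefined = undefined;` initializer and the `cookieDomain = undefined;` assignment in the else branch are redundant with each other. The enclosing action continues past the end of the hunk.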