From e646ad6f812a9d52067e9069f0fd4cec097087c9 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Wed, 10 Jul 2024 08:27:11 -0400 Subject: [PATCH 1/2] chore: Update CSRF_TRUSTED_ORIGINS in settings.py --- backend/server/demo/settings.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/server/demo/settings.py b/backend/server/demo/settings.py index 7c09d06..81f3d0f 100644 --- a/backend/server/demo/settings.py +++ b/backend/server/demo/settings.py @@ -208,8 +208,8 @@ CORS_ORIGIN_ALLOW_ALL = True CSRF_TRUSTED_ORIGINS = [ - # 'https://api.adventurelog.app', - # 'https://adventurelog.app', + 'https://api.adventurelog.app', + 'https://adventurelog.app', ] From ad90f03a45df860e78b9bf27ee2b90317bd5a166 Mon Sep 17 00:00:00 2001 From: Sean Morley Date: Wed, 10 Jul 2024 08:46:38 -0400 Subject: [PATCH 2/2] docker --- backend/server/demo/settings.py | 8 +++----- docker-compose.yml | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/backend/server/demo/settings.py b/backend/server/demo/settings.py index 81f3d0f..a84b7b7 100644 --- a/backend/server/demo/settings.py +++ b/backend/server/demo/settings.py @@ -207,10 +207,8 @@ SWAGGER_SETTINGS = { CORS_ORIGIN_ALLOW_ALL = True -CSRF_TRUSTED_ORIGINS = [ - 'https://api.adventurelog.app', - 'https://adventurelog.app', - -] +from os import getenv + +CSRF_TRUSTED_ORIGINS = getenv('CSRF_TRUSTED_ORIGINS', 'localhost').split(',') DEFAULT_AUTO_FIELD = 'django.db.models.AutoField' diff --git a/docker-compose.yml b/docker-compose.yml index 1c98526..f479187 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,6 +35,7 @@ services: - DJANGO_ADMIN_PASSWORD=admin - DJANGO_ADMIN_EMAIL=admin@example.com - PUBLIC_URL='http://127.0.0.1:81' + - CSRF_TRUSTED_ORIGINS=https://api.adventurelog.app,https://adventurelog.app - DEBUG=False ports: - "8000:8000"