In addition to ALLOWED_HOSTS, we now must have CSRF_TRUSTED_ORIGINS defined. This variable requires the scheme (http:// or https://).
Like ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS is a list of strings, with one entry for each host which is trusted for POST requests. https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins Signed-off-by: Tim Orling <[email protected]> --- docker/settings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/settings.py b/docker/settings.py index a73178c..33ab332 100644 --- a/docker/settings.py +++ b/docker/settings.py @@ -307,6 +307,7 @@ TOOLS_LOG_DIR = "" USE_X_FORWARDED_HOST = True ALLOWED_HOSTS = [os.getenv('HOSTNAME', 'layers.test')] +CSRF_TRUSTED_ORIGINS = ['https://' + os.getenv('HOSTNAME', 'layers.test')] SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_BROWSER_XSS_FILTER = True SECURE_CONTENT_TYPE_NOSNIFF = True -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#61274): https://lists.yoctoproject.org/g/yocto/message/61274 Mute This Topic: https://lists.yoctoproject.org/mt/101805414/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
