Add support for a `CSRF_TRUSTED_ORIGINS` configuration environment variable

See #393.
Christopher C. Wells 2022-02-21 15:37:51 -08:00
parent 92071fbe19
commit 2f9658d7de
2 changed files with 7 additions and 18 deletions

@ -243,6 +243,7 @@ SESSION_COOKIE_HTTPONLY = True
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings
CSRF_COOKIE_HTTPONLY = True
# CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = os.environ.get("CSRF_TRUSTED_ORIGINS", []).split(",")
# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/
AUTH_PASSWORD_VALIDATORS = [
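Review bot: On the added `CSRF_TRUSTED_ORIGINS` line, the fallback passed to `os.environ.get` is a list (`[]`) and `.split(",")` is then called on it, so loading the settings raises AttributeError whenever the variable is unset, which is the documented default. Use a string fallback and drop empty entries, for example `[o.strip() for o in os.environ.get("CSRF_TRUSTED_ORIGINS", "").split(",") if o.strip()]`; a bare `"".split(",")` would give `[""]` rather than an empty list.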

@ -66,28 +66,16 @@ If you would like to use AWS S3 for storage on ephemeral storage platforms like
Heroku you will need to create a bucket and add its name. See django-storages'
[Amazon S3 documentation](https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html).
## `DEBUG`
## `CSRF_TRUSTED_ORIGINS`
*Default: False*
*Default: None*
When in debug mode, Baby Buddy will print much more detailed error information
for exceptions. This setting should be *False* in production deployments.
If Baby Buddy is behind a proxy, you may need add the domain to this setting for form
submission to work correctly.
See also [Django's documentation on the DEBUG setting](https://docs.djangoproject.com/en/3.0/ref/settings/#debug).
See also [Django's documentation on the `CSRF_TRUSTED_ORIGINS` setting](https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)
and the [`SECURE_PROXY_SSL_HEADER`](#secure_proxy_ssl_header) environment variable.
## `NAP_START_MAX`
*Default: 18:00*
The maximum nap *start* time (in the instance's time zone). Expects the 24-hour
format %H:%M.
## `NAP_START_MIN`
*Default: 06:00*
The minimum nap *start* time (in the instance's time zone). Expects the 24-hour
format %H:%M.
## `DB_ENGINE`
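Review bot: The new `CSRF_TRUSTED_ORIGINS` paragraph says to "add the domain" but never states that the value is a comma-separated list, which is how the settings line parses it, or whether each entry needs a scheme. The Django 4.0 documentation linked here requires the scheme (for example `https://example.com`), while the comments in the settings file still point at the 3.2 docs, so the text should say which format this deployment expects and show one example value. Also fix "may need add" to "may need to add", and since the hunk header goes from 28 lines to 16 and the commit reports 18 deletions, confirm that the existing documentation removed alongside this addition is intentional, as the commit message only mentions the new variable.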