fix CSRF

2025-08-11 12:57:08 +02:00
parent 686f5815be
commit 7470c2d3d0
3 changed files with 21 additions and 5 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,11 +8,15 @@ services:
    environment:
      # Django
      - DJANGO_DEBUG=true
+      - USE_X_FORWARDED_HOST=true
+      - DJANGO_SECURE_PROXY_SSL_HEADER=true
+      - DJANGO_CSRF_COOKIE_SECURE=true
+      - DJANGO_SESSION_COOKIE_SECURE=true
      - DJANGO_ALLOWED_HOSTS=*
      - DJANGO_SECRET_KEY=change-me
      - DB_PATH=/app/data/db.sqlite3
      - NOTIFICATIONS_ALLOW_DUPLICATES=false
-      - DJANGO_CSRF_TRUSTED_ORIGINS="https://subscribarr.example.com,https://app.example.org"
+      - DJANGO_CSRF_TRUSTED_ORIGINS="https://subscribarr.local.js-devop.de"
      # App Settings (optional, otherwise use first-run setup)
      #- JELLYFIN_URL=
      #- JELLYFIN_API_KEY=
@@ -33,8 +37,5 @@ services:
      # Cron schedule (default every 30min)
      - CRON_SCHEDULE=*/30 * * * *
    volumes:
-      - subscribarr-data:/app/data
+      - ./data:/app/data
    restart: unless-stopped
-
-volumes:
-  subscribarr-data: