jschaufuss/Subscribarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix CSRF

Browse Source
This commit is contained in:
root
2025-08-11 12:57:08 +02:00
parent 686f5815be
commit 8165f70d64
2 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
subscribarr/settings.py
View File

@@ -116,6 +116,21 @@ if not CSRF_TRUSTED_ORIGINS:
CSRF_TRUSTED_ORIGINS = ['https://subscribarr.local.js-devop.de']
USE_X_FORWARDED_HOST = os.getenv('USE_X_FORWARDED_HOST', 'False').lower() == 'true'
if os.getenv('DJANGO_SECURE_PROXY_SSL_HEADER', '').lower() in ('1', 'true', 'yes'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Secure cookies when served over HTTPS (optional)
CSRF_COOKIE_SECURE = os.getenv('DJANGO_CSRF_COOKIE_SECURE', 'False').lower() == 'true'
SESSION_COOKIE_SECURE = os.getenv('DJANGO_SESSION_COOKIE_SECURE', 'False').lower() == 'true'
# Optional cookie domain override (for subdomain setups)
_cookie_domain = os.getenv('DJANGO_COOKIE_DOMAIN', '').strip()
if _cookie_domain:
CSRF_COOKIE_DOMAIN = _cookie_domain
SESSION_COOKIE_DOMAIN = _cookie_domain
# Internationalization
# https://docs.djangoproject.com/en/5.2/topics/i18n/