feat: add CSRF_TRUSTED_ORIGINS to docker env variables generation

542fb643 · Timothee P · b43ff1bb · 542fb643 · 542fb643
Commit 542fb643 authored 5 months ago by Timothee P
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,6 +14,7 @@ services:
    environment:
      - SECRET_KEY=${SECRET}
      - ALLOWED_HOSTS=${DOMAINS:-127.0.0.1}
+      - CSRF_TRUSTED_ORIGINS=${CSRF_TRUSTED_ORIGINS}
      - DEBUG=${DEBUG:-False}
      - TIME_ZONE=Europe/Paris
      - LOG_LEVEL=${LOG_LEVEL:-INFO}

--- a/env.sample
+++ b/env.sample
@@ -10,6 +10,10 @@
 # Django ALLOWED_HOST comma separeted values
 DOMAINS=localhost,127.0.0.1,geocontrib.dev.neogeo.fr

+# External authorized domains to securize request from CSRF attacks. 
+# Since django 4 each domain should include a schema (ex : `https://` ou `http://`)
+CSRF_TRUSTED_ORIGINS=['https://geocontrib.dev.neogeo.fr']
+
 # Port the front will bind on host
 #HTTP_PORT=80