diff --git a/.env b/.env index b35aaf92..3cc38d57 100644 --- a/.env +++ b/.env @@ -11,6 +11,8 @@ TAG=latest ALLOWED_HOSTS=localhost,127.0.0.1 +CSRF_TRUSTED_ORIGINS=http://localhost:8000 + API_PORT=127.0.0.1:8000 # authentication server diff --git a/.github/workflows/container-deploy.yml b/.github/workflows/container-deploy.yml index ac7a9a6d..732d69ec 100644 --- a/.github/workflows/container-deploy.yml +++ b/.github/workflows/container-deploy.yml @@ -37,11 +37,13 @@ jobs: run: | echo "SSH_HOST=10.1.0.200" >> $GITHUB_ENV echo "ENVIRONMENT=net" >> $GITHUB_ENV + echo "CSRF_TRUSTED_ORIGINS=https://prices.openfoodfacts.net" >> $GITHUB_ENV - name: Set various variable for production deployment if: matrix.env == 'open-prices-org' run: | echo "SSH_HOST=10.1.0.201" >> $GITHUB_ENV echo "ENVIRONMENT=org" >> $GITHUB_ENV + echo "CSRF_TRUSTED_ORIGINS=https://prices.openfoodfacts.org" >> $GITHUB_ENV - name: Wait for docker image container build workflow uses: tomchv/wait-my-workflow@v1.1.0 id: wait-build @@ -117,6 +119,7 @@ jobs: echo "API_PORT=8190" >> .env echo "DEBUG=False" >> .env echo 'ALLOWED_HOSTS=openfoodfacts-explorer.vercel.app,prices.openfoodfacts.net,prices.openfoodfacts.org' >> .env + echo "CSRF_TRUSTED_ORIGINS=${{ env.CSRF_TRUSTED_ORIGINS }}" >> .env echo "OAUTH2_SERVER_URL=https://world.openfoodfacts.org/cgi/auth.pl" >> .env echo "SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" >> .env echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env diff --git a/.gitignore b/.gitignore index f76b1ded..3461b390 100644 --- a/.gitignore +++ b/.gitignore @@ -141,4 +141,7 @@ dmypy.json www/app www/img/*/* +www/static/admin +www/static/django_extensions +www/static/rest_framework gh_pages diff --git a/config/settings.py b/config/settings.py index 9f88321e..5d330388 100644 --- a/config/settings.py +++ b/config/settings.py @@ -20,6 +20,9 @@ ALLOWED_HOSTS = [x.strip() for x in os.getenv("ALLOWED_HOSTS", "").split(",")] +# CSRF trusted origins is only used for admin interface, as the rest of +# front-end is using Vue.js and Django REST Framework +CSRF_TRUSTED_ORIGINS = os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",") # App config # ------------------------------------------------------------------------------ diff --git a/docker-compose.yml b/docker-compose.yml index a53fe3b4..9c930324 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,6 +10,7 @@ x-api-common: &api-common - SECRET_KEY - DEBUG - ALLOWED_HOSTS + - CSRF_TRUSTED_ORIGINS - OAUTH2_SERVER_URL - SENTRY_DSN - LOG_LEVEL