Change CSRF settings

e-mit · Jun 26, 2024 · f25c3b3 · f25c3b3
1 parent 58cd9fd
commit f25c3b3
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/django_app/django_app/settings.py b/django_app/django_app/settings.py
@@ -134,3 +134,13 @@
 STATICFILES_DIRS = [
     BASE_DIR / 'project_static'
 ]
+
+# CSRF setup
+
+if not DEBUG:
+    CSRF_TRUSTED_ORIGINS = [f'https://{x}' for x in ALLOWED_HOSTS]
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# These are for https only:
+# CSRF_COOKIE_SECURE = True
+# SESSION_COOKIE_SECURE = True