PublicSnapshot
/
tubesync
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduce extra security for x-forwarded-host header 

I think this secures the website even more by also checking the x-forwarded-host header for every request.
This is an addition to the previous commit
This commit is contained in:
Luc 2021-12-08 10:56:06 +01:00
parent 95b77765c7
commit 139d79b2e6
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tubesync/tubesync/local_settings.py.container
View File

@ -19,6 +19,11 @@ CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')
ALLOWED_HOSTS = [127.0.0.1] ALLOWED_HOSTS = [127.0.0.1]
if len(ALLOWED_HOSTS_STR) > 0:
USE_X_FORWARDED_HOST = True
ALLOWED_HOSTS += CSRF_TRUSTED_ORIGINS
DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False
FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None) FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None)
TIME_ZONE = os.getenv('TZ', 'UTC') TIME_ZONE = os.getenv('TZ', 'UTC')