fix csrf did not match trusted origins

should be set by the TUBESYNC_HOSTS environment And the localhost values should always be added to ALLOWED_HSOTS
2021-12-07 14:32:47 +01:00 · 2021-12-07 14:32:47 +01:00 · 8965cf9e29
parent bf2cc9204a
commit 8965cf9e29
1 changed files with 7 additions and 4 deletions
--- a/tubesync/tubesync/local_settings.py.container
+++ b/tubesync/tubesync/local_settings.py.container
@ -14,15 +14,18 @@ DOWNLOADS_BASE_DIR = ROOT_DIR / 'downloads'
 SECRET_KEY = str(os.getenv('DJANGO_SECRET_KEY', 'tubesync-django-secret'))


-ALLOWED_HOSTS_STR = str(os.getenv('TUBESYNC_HOSTS', '127.0.0.1,localhost'))
+ALLOWED_HOSTS_STR = os.getenv('TUBESYNC_HOSTS', '')
+if len(ALLOWED_HOSTS_STR) > 0
+    ALLOWED_HOSTS_STR += ','
+ALLOWED_HOSTS_STR += '127.0.0.1,localhost,::1'
+
 ALLOWED_HOSTS = ALLOWED_HOSTS_STR.split(',')
+CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')
+
 DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False
 FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None)
-
-
 TIME_ZONE = os.getenv('TZ', 'UTC')

-
 database_dict = {}
 database_connection_env = os.getenv('DATABASE_CONNECTION', '')
 if database_connection_env: