Fix GUI service CSRF issues in development.
robertbartel committed Aug 22, 2024
1 parent 0b11f85 commit 860a3c3
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docker/nwm_gui/docker-compose.yml
Expand Up @@ -63,6 +63,9 @@ services:
- SQL_PORT=5432
- DATABASE=postgres
- DOCKER_SECRET_POSTGRES_PASS=postgres_password
- DEBUG=${DOCKER_GUI_DEV_MODE:-true}
# Should be a comma-delimited string if needing more than one
- TRUSTED_ORIGINS=${DOCKER_GUI_TRUSTED_ORIGINS:-http://127.0.0.1:${DOCKER_GUI_WEB_SERVER_HOST_PORT:-8081}}
volumes:
- ${DMOD_APP_STATIC:?}:/usr/maas_portal/static
- ${DMOD_SSL_DIR}/request-service:/usr/maas_portal/ssl
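Review bot: The `:-true` fallback on the `DEBUG` line turns development mode on whenever `DOCKER_GUI_DEV_MODE` is unset, so a deployment that forgets the variable runs with debug enabled. settings.py in this same commit sets `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` to `not DEBUG`, so if this value is what feeds `DEBUG` there, both cookies also lose the secure flag by default. Consider defaulting to false (`${DOCKER_GUI_DEV_MODE:-false}`) and having developers opt in. Separately, the `TRUSTED_ORIGINS` default covers only `http://127.0.0.1` on the host port; a browser pointed at a different hostname for the same service presents a different origin, which is worth stating in the comment next to the comma-delimited note.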
3 changes: 3 additions & 0 deletions python/gui/maas_experiment/settings.py
@@ -1,6 +1,7 @@
"""
Django settings for maas_experiment project
"""
import os

from .application_values import *
from .logging import *
Expand Down Expand Up @@ -34,6 +35,8 @@
# packet sniffer and use the cookie to hijack the user’s session.
SESSION_COOKIE_SECURE = not DEBUG

CSRF_TRUSTED_ORIGINS = os.environ.get('TRUSTED_ORIGINS', '').split(',')

# Whether to use a secure cookie for the CSRF cookie. If this is set to True, the cookie will be marked as “secure”,
# which means browsers may ensure that the cookie is only sent with an HTTPS connection.
CSRF_COOKIE_SECURE = not DEBUG
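Review bot: On the `CSRF_TRUSTED_ORIGINS` line, `os.environ.get('TRUSTED_ORIGINS', '').split(',')` returns `['']` rather than an empty list when the variable is unset or empty, so the setting ends up holding one empty-string origin. The split also keeps surrounding whitespace, so a value written as `a, b` produces an entry with a leading space that will not match any origin. Suggest filtering and stripping, for example `[o.strip() for o in os.environ.get('TRUSTED_ORIGINS', '').split(',') if o.strip()]`, and adding a short comment that names the expected format (scheme plus host and port, comma-delimited), as the other settings in this file are documented.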

0 comments on commit 860a3c3