Skip to content
Snippets Groups Projects
Verified Commit 6b1b2a12 authored by Eliot Berriot's avatar Eliot Berriot
Browse files

Fixed #49: set CSRF_TRUSTED_ORIGINS from ALLOWED_HOSTS

parent aa3815dc
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
CHANGELOG
+ 7
1
View file @ 6b1b2a12
......@@ -5,11 +5,17 @@ Changelog
0.2.5 (unreleased)
------------------
Features:
- Import: can now specify search template when querying import sources (#45)
- Player: better handling of errors when fetching the audio file (#46)
- Login form: now redirect to previous page after login (#2)
- 404: a decent 404 template, at least (#48)
Bugfixes:
- Player: better handling of errors when fetching the audio file (#46)
- Csrf: default CSRF_TRUSTED_ORIGINS to ALLOWED_HOSTS to avoid Csrf issues on admin (#49)
0.2.4 (2017-12-14)
------------------
......
api/config/settings/production.py
+ 2
0
View file @ 6b1b2a12
......@@ -55,6 +55,8 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Hosts/domain names that are valid for this site
# See https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts
ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS')
CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS
# END SITE CONFIGURATION
INSTALLED_APPS += ("gunicorn", )
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment