diff options
| author | Bobby <[email protected]> | 2023-07-21 18:48:53 -0400 |
|---|---|---|
| committer | Bobby <[email protected]> | 2023-07-21 18:48:53 -0400 |
| commit | 78b72c0889ae60f80b6cf57017813f4b5c4fe7fc (patch) | |
| tree | a79690cf92f6510c6d0b83d18b348a2c264a95b4 | |
| parent | d9116c128b57fa368633582744bd1190966ca01b (diff) | |
| download | thatcomputerscientist-78b72c0889ae60f80b6cf57017813f4b5c4fe7fc.tar.xz thatcomputerscientist-78b72c0889ae60f80b6cf57017813f4b5c4fe7fc.zip | |
Ensured CSRF Cookie for Solitude
| -rw-r--r-- | solitude/backend/views.py | 2 | ||||
| -rw-r--r-- | thatcomputerscientist/settings.py | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/solitude/backend/views.py b/solitude/backend/views.py index 1addeaea..ccce0471 100644 --- a/solitude/backend/views.py +++ b/solitude/backend/views.py @@ -4,11 +4,13 @@ from django.shortcuts import render from django.views.generic import TemplateView from django.views.decorators.cache import never_cache from .constants.welcome_playlist import WELCOME_TRACKS +from django.views.decorators.csrf import ensure_csrf_cookie # Create your views here. index_view = never_cache(TemplateView.as_view(template_name='@solitude_frontend/index.html')) +@ensure_csrf_cookie def home(request): visited = request.COOKIES.get('visited', False) if not visited or visited == 'False': diff --git a/thatcomputerscientist/settings.py b/thatcomputerscientist/settings.py index 392dd0ab..4636ee0b 100644 --- a/thatcomputerscientist/settings.py +++ b/thatcomputerscientist/settings.py @@ -38,7 +38,6 @@ DEBUG = True if os.getenv('ENVIRONMENT') == 'development' else False ALLOWED_HOSTS = ["*"] CSRF_TRUSTED_ORIGINS = ['https://*.thatcomputerscientist.com', 'http://*.thatcomputerscientist.com', 'https://*.shi.foo'] -CORS_ALLOWED_ORIGINS = ['https://*.thatcomputerscientist.com', 'http://*.thatcomputerscientist.com', 'https://*.shi.foo'] DOMAIN_NAME = "shi.foo" SESSION_COOKIE_DOMAIN = os.getenv('DOMAIN') if os.getenv('ENVIRONMENT') == 'development' else ".shi.foo" SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') @@ -61,7 +60,6 @@ INSTALLED_APPS = [ 'django.contrib.sitemaps', 'sslserver', 'rest_framework', - 'corsheaders', 'thatcomputerscientist', 'haystack', 'django_hosts', @@ -102,7 +100,6 @@ MIDDLEWARE = [ 'whitenoise.middleware.WhiteNoiseMiddleware', 'middleware.oldbrowsermiddleware.OldBrowserMiddleware', 'middleware.globalmetamiddleware.GlobalMetaMiddleware', - 'corsheaders.middleware.CorsMiddleware', 'middleware.uuidmiddleware.UserUUIDMiddleware', 'django_hosts.middleware.HostsResponseMiddleware' ] |
