From 78b72c0889ae60f80b6cf57017813f4b5c4fe7fc Mon Sep 17 00:00:00 2001 From: Bobby Date: Fri, 21 Jul 2023 18:48:53 -0400 Subject: Ensured CSRF Cookie for Solitude --- solitude/backend/views.py | 2 ++ thatcomputerscientist/settings.py | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/solitude/backend/views.py b/solitude/backend/views.py index 1addeaea..ccce0471 100644 --- a/solitude/backend/views.py +++ b/solitude/backend/views.py @@ -4,11 +4,13 @@ from django.shortcuts import render from django.views.generic import TemplateView from django.views.decorators.cache import never_cache from .constants.welcome_playlist import WELCOME_TRACKS +from django.views.decorators.csrf import ensure_csrf_cookie # Create your views here. index_view = never_cache(TemplateView.as_view(template_name='@solitude_frontend/index.html')) +@ensure_csrf_cookie def home(request): visited = request.COOKIES.get('visited', False) if not visited or visited == 'False': diff --git a/thatcomputerscientist/settings.py b/thatcomputerscientist/settings.py index 392dd0ab..4636ee0b 100644 --- a/thatcomputerscientist/settings.py +++ b/thatcomputerscientist/settings.py @@ -38,7 +38,6 @@ DEBUG = True if os.getenv('ENVIRONMENT') == 'development' else False ALLOWED_HOSTS = ["*"] CSRF_TRUSTED_ORIGINS = ['https://*.thatcomputerscientist.com', 'http://*.thatcomputerscientist.com', 'https://*.shi.foo'] -CORS_ALLOWED_ORIGINS = ['https://*.thatcomputerscientist.com', 'http://*.thatcomputerscientist.com', 'https://*.shi.foo'] DOMAIN_NAME = "shi.foo" SESSION_COOKIE_DOMAIN = os.getenv('DOMAIN') if os.getenv('ENVIRONMENT') == 'development' else ".shi.foo" SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') @@ -61,7 +60,6 @@ INSTALLED_APPS = [ 'django.contrib.sitemaps', 'sslserver', 'rest_framework', - 'corsheaders', 'thatcomputerscientist', 'haystack', 'django_hosts', @@ -102,7 +100,6 @@ MIDDLEWARE = [ 'whitenoise.middleware.WhiteNoiseMiddleware', 'middleware.oldbrowsermiddleware.OldBrowserMiddleware', 'middleware.globalmetamiddleware.GlobalMetaMiddleware', - 'corsheaders.middleware.CorsMiddleware', 'middleware.uuidmiddleware.UserUUIDMiddleware', 'django_hosts.middleware.HostsResponseMiddleware' ] -- cgit v1.2.3