MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/49-csrf-admin' into 'develop' 

Fixed #49: set CSRF_TRUSTED_ORIGINS from ALLOWED_HOSTS

Closes #49

See merge request funkwhale/funkwhale!28
This commit is contained in:
Eliot Berriot 2017-12-15 22:11:21 +00:00
parent aa3815dcdb 6b1b2a1227
commit a6d04ea1d7
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@ -5,11 +5,17 @@ Changelog
0.2.5 (unreleased) 0.2.5 (unreleased)
------------------ ------------------
Features:
- Import: can now specify search template when querying import sources (#45) - Import: can now specify search template when querying import sources (#45)
- Player: better handling of errors when fetching the audio file (#46)
- Login form: now redirect to previous page after login (#2) - Login form: now redirect to previous page after login (#2)
- 404: a decent 404 template, at least (#48) - 404: a decent 404 template, at least (#48)
Bugfixes:
- Player: better handling of errors when fetching the audio file (#46)
- Csrf: default CSRF_TRUSTED_ORIGINS to ALLOWED_HOSTS to avoid Csrf issues on admin (#49)
0.2.4 (2017-12-14) 0.2.4 (2017-12-14)
------------------ ------------------

2
api/config/settings/production.py
View File

@ -55,6 +55,8 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Hosts/domain names that are valid for this site # Hosts/domain names that are valid for this site
# See https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts # See https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts
ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS') ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS')
CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS
# END SITE CONFIGURATION # END SITE CONFIGURATION
INSTALLED_APPS += ("gunicorn", ) INSTALLED_APPS += ("gunicorn", )