summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--food_project/settings.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/food_project/settings.py b/food_project/settings.py
index 96dcfd0..a2f2c13 100644
--- a/food_project/settings.py
+++ b/food_project/settings.py
@@ -162,3 +162,11 @@ SESSION_SAVE_EVERY_REQUEST = True
LOGIN_URL = 'login'
LOGIN_REDIRECT_URL = 'app-pantry'
LOGOUT_REDIRECT_URL = 'login'
+
+# Behind the nginx HTTPS reverse proxy: trust the forwarded scheme so Django
+# knows requests are HTTPS, and trust the site's origins for CSRF (needed for
+# the login POST and HTMX POSTs now that they're no longer csrf-exempt).
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+CSRF_TRUSTED_ORIGINS = [
+ 'https://food.tomflux.xyz',
+]