diff options
Diffstat (limited to 'food_project')
| -rw-r--r-- | food_project/settings.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/food_project/settings.py b/food_project/settings.py index 96dcfd0..a2f2c13 100644 --- a/food_project/settings.py +++ b/food_project/settings.py @@ -162,3 +162,11 @@ SESSION_SAVE_EVERY_REQUEST = True LOGIN_URL = 'login' LOGIN_REDIRECT_URL = 'app-pantry' LOGOUT_REDIRECT_URL = 'login' + +# Behind the nginx HTTPS reverse proxy: trust the forwarded scheme so Django +# knows requests are HTTPS, and trust the site's origins for CSRF (needed for +# the login POST and HTMX POSTs now that they're no longer csrf-exempt). +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') +CSRF_TRUSTED_ORIGINS = [ + 'https://food.tomflux.xyz', +] |
