csrf fix behind proxy

ansibleguy · Feb 15, 2024 · 5e22eea · 5e22eea
1 parent 307386f
commit 5e22eea
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/ansible-webui/aw/settings.py b/src/ansible-webui/aw/settings.py
@@ -21,7 +21,6 @@
 ]
 
 DEBUG = deployment_dev()
-ALLOWED_HOSTS = ['*']
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 X_FRAME_OPTIONS = 'SAMEORIGIN'
 
@@ -58,15 +57,22 @@
 ]
 if 'AW_PROXY' in environ:
     SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+    USE_X_FORWARDED_HOST = True
 
+ALLOWED_HOSTS = ['*']
 if 'AW_HOSTNAMES' in environ:
     for hostname in environ['AW_HOSTNAMES'].split(','):
         ALLOWED_HOSTS.append(hostname)
         CSRF_TRUSTED_ORIGINS.extend([
-            f'http://{hostname}', f'https://{hostname}',
-            f'http://{hostname}:{PORT_WEB}', f'https://{hostname}:{PORT_WEB}',
+            f'http://{hostname}',
+            f'https://{hostname}',
+            f'http://{hostname}:{PORT_WEB}',
+            f'https://{hostname}:{PORT_WEB}',
         ])
 
+CSRF_ALLOWED_ORIGINS = CSRF_TRUSTED_ORIGINS
+CORS_ORIGINS_WHITELIST = CSRF_TRUSTED_ORIGINS
+
 ROOT_URLCONF = 'aw.urls'
 TEMPLATES = [
     {