fix: SB-814 Missing CSRF_TRUSTED_ORIGINS
* fix: SB-814 Set CSRF_TRUSTED_ORIGINS


Approved-by: Michał Kleszcz
pmichalek-apptension committed Feb 15, 2023
1 parent 9862584 commit e192816
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions packages/backend/config/settings.py
@@ -287,3 +287,5 @@
'AWS_XRAY_CONTEXT_MISSING': 'IGNORE_ERROR',
'PLUGINS': ('ECSPlugin',),
}

CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS", default=[])
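Review bot: The added `CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS", default=[])` leaves the list parsing implicit and undocumented: the value arrives from the stack as a comma-joined string, and whether it becomes a list depends on `env` inferring the cast from the default. If `env` is a django-environ `Env` (its definition is outside the hunk), `env.list("CSRF_TRUSTED_ORIGINS", default=[])` states the intent directly. I would also add a comment above it, `# Comma-separated origins with scheme, e.g. https://admin.example.com; list exact hosts only, no wildcard subdomains.`, since every entry widens the set of origins Django accepts for unsafe requests. The empty default fails closed, which is the right choice for environments where the variable is not set.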
3 changes: 3 additions & 0 deletions packages/backend/infra/stacks/api/stack.ts
@@ -65,6 +65,8 @@ export class ApiStack extends Stack {
envSettings.domains.www,
].join(',');

const csrfTrustedOrigins = [`https://${envSettings.domains.adminPanel}`].join(',');

const httpsListener =
elb2.ApplicationListener.fromApplicationListenerAttributes(
this,
@@ -106,6 +108,7 @@ export class ApiStack extends Stack {
CHAMBER_SERVICE_NAME: this.getChamberServiceName(envSettings),
CHAMBER_KMS_KEY_ALIAS: MainKmsKey.getKeyAlias(envSettings),
DJANGO_ALLOWED_HOSTS: allowedHosts,
CSRF_TRUSTED_ORIGINS: csrfTrustedOrigins,
WORKERS_EVENT_BUS_NAME: EnvComponentsStack.getWorkersEventBusName(
props.envSettings
),
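Review bot: In the first hunk, `csrfTrustedOrigins` is built by interpolating `envSettings.domains.adminPanel` without checking that it is set, so a missing or empty domain would deploy `https://undefined` or `https://` as the trusted origin and admin-panel POSTs would fail the origin check with no hint at synth time. Whether the field can be empty is not visible here; if it can, a guard such as `if (!envSettings.domains.adminPanel) throw new Error('domains.adminPanel is required for CSRF_TRUSTED_ORIGINS');` before the assignment surfaces it early. A short comment, `// Only origins that submit unsafe requests to the API with cookies; keep this list minimal.`, would explain why the other domains in `allowedHosts` are not repeated here. The enclosing method starts and ends outside both hunks.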