Stop sharing cookie for CSRF, but continue…

sharing the session cookie with KoBoCAT. Requires accompanying changes in KoBoCAT and kobo-docker. See #2658
kobotoolbox · May 6, 2020 · 7113ec2 · 7113ec2
1 parent c59cb15
commit 7113ec2
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/kobo/settings/base.py b/kobo/settings/base.py
@@ -46,9 +46,8 @@
     USE_X_FORWARDED_HOST = True
 
 # Domain must not exclude KoBoCAT when sharing sessions
-if os.environ.get('CSRF_COOKIE_DOMAIN'):
-    CSRF_COOKIE_DOMAIN = os.environ['CSRF_COOKIE_DOMAIN']
-    SESSION_COOKIE_DOMAIN = CSRF_COOKIE_DOMAIN
+if os.environ.get('SESSION_COOKIE_DOMAIN'):
+    SESSION_COOKIE_DOMAIN = os.environ['SESSION_COOKIE_DOMAIN']
     SESSION_COOKIE_NAME = 'kobonaut'
 
 # "Although the setting offers little practical benefit, it's sometimes