From e64120aba94f326b5a6092a32c2ef9da05a8aeef Mon Sep 17 00:00:00 2001 From: phillybroadbent Date: Thu, 11 Apr 2024 10:37:21 +0100 Subject: [PATCH 1/2] Adding CSRF trusted hosts to django settings --- lowfat/settings.py | 7 +++++++ requirements.txt | 5 +++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lowfat/settings.py b/lowfat/settings.py index e8975d4a..fd98c772 100644 --- a/lowfat/settings.py +++ b/lowfat/settings.py @@ -62,6 +62,7 @@ 'bootstrap_datepicker_plus', 'constance', 'constance.backends.database', + 'corsheaders', 'crispy_forms', 'crispy_bootstrap5', 'dbbackup', @@ -90,10 +91,16 @@ 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'simple_history.middleware.HistoryRequestMiddleware', + 'corsheaders.middleware.CorsMiddleware', ] ROOT_URLCONF = 'lowfat.urls' +CSRF_TRUSTED_ORIGINS = [ + 'localhost:8000', + 'https://fellows.software.ac.uk', +] + TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', diff --git a/requirements.txt b/requirements.txt index e8400ca6..b736db42 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,6 +11,7 @@ Django==4.2 django-appconf==1.0.5 django-bootstrap-datepicker-plus==4.0.0 django-constance==2.9.1 +django-cors-headers==4.3.1 django-countries==7.3.2 django-crispy-forms==1.14.0 django-datetime-widget==0.9.3 @@ -36,7 +37,7 @@ odfpy==1.4.1 openpyxl==3.1.2 pandas==1.4.3 pilkit==2.0 -Pillow==10.2.0 +pillow==10.2.0 pycparser==2.21 PyJWT==2.4.0 PyPDF2==2.10.3 @@ -57,4 +58,4 @@ tablib==3.5.0 typing_extensions==4.3.0 urllib3==1.26.12 xlrd==2.0.1 -xlwt==1.3.0 \ No newline at end of file +xlwt==1.3.0 From dc4848a74dcb3eafbf5a12d7e340fb6df2bf5c46 Mon Sep 17 00:00:00 2001 From: phillybroadbent Date: Thu, 11 Apr 2024 10:42:09 +0100 Subject: [PATCH 2/2] Editing local CSRF trusted origin --- lowfat/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lowfat/settings.py b/lowfat/settings.py index fd98c772..6fbbe834 100644 --- a/lowfat/settings.py +++ b/lowfat/settings.py @@ -97,7 +97,7 @@ ROOT_URLCONF = 'lowfat.urls' CSRF_TRUSTED_ORIGINS = [ - 'localhost:8000', + 'http://127.0.0.1:8000', 'https://fellows.software.ac.uk', ]