admin/lms-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: improve CSRF_TRUSTED_ORIGINS
Build & Push Docker Image (Backend) / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Flook
2026-04-28 15:54:51 +07:00
parent 2973329715
commit 14f0125a32
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/settings.py
+17 -1
View File
@@ -27,7 +27,13 @@ SECRET_KEY = os.environ.get("SECRET_KEY", "unsafe-dev-secret")
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False DEBUG = False
ALLOWED_HOSTS = ["*"] # อนุญาตให้ Domain ใหม่เข้าถึง Application ได้
ALLOWED_HOSTS = [
"lms-admin.panmodel.com",
"api.panmodel.com",
"localhost",
"127.0.0.1",
]
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
@@ -114,6 +120,16 @@ REST_FRAMEWORK = {
CORS_ALLOW_ALL_ORIGINS = True # ควรเป็น False ใน Production CORS_ALLOW_ALL_ORIGINS = True # ควรเป็น False ใน Production
# ยืนยันความปลอดภัยให้ Domain ใหม่ (ต้องใส่ https:// ด้วยครับ)
CSRF_TRUSTED_ORIGINS = [
"https://lms-admin.panmodel.com",
]
# บอกให้ Django รู้ว่าอยู่หลัง Nginx Ingress (เพื่อให้ดึง Protocol/Host ถูกต้อง)
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
# Password validation # Password validation
# https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators