chore: improve CSRF_TRUSTED_ORIGINS
Build & Push Docker Image (Backend) / build (push) Has been cancelled
Build & Push Docker Image (Backend) / build (push) Has been cancelled
This commit is contained in:
Flook
+17
-1
@@ -27,7 +27,13 @@ SECRET_KEY = os.environ.get("SECRET_KEY", "unsafe-dev-secret")
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = False
|
||||
|
||||
ALLOWED_HOSTS = ["*"]
|
||||
# อนุญาตให้ Domain ใหม่เข้าถึง Application ได้
|
||||
ALLOWED_HOSTS = [
|
||||
"lms-admin.panmodel.com",
|
||||
"api.panmodel.com",
|
||||
"localhost",
|
||||
"127.0.0.1",
|
||||
]
|
||||
|
||||
# Application definition
|
||||
INSTALLED_APPS = [
|
||||
@@ -114,6 +120,16 @@ REST_FRAMEWORK = {
|
||||
|
||||
CORS_ALLOW_ALL_ORIGINS = True # ควรเป็น False ใน Production
|
||||
|
||||
# ยืนยันความปลอดภัยให้ Domain ใหม่ (ต้องใส่ https:// ด้วยครับ)
|
||||
CSRF_TRUSTED_ORIGINS = [
|
||||
"https://lms-admin.panmodel.com",
|
||||
]
|
||||
|
||||
# บอกให้ Django รู้ว่าอยู่หลัง Nginx Ingress (เพื่อให้ดึง Protocol/Host ถูกต้อง)
|
||||
USE_X_FORWARDED_HOST = True
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
|
||||
|
||||
# Password validation
|
||||
# https://docs.djangoproject.com/en/6.0/ref/settings/#auth-password-validators
|
||||
|
||||
|
||||
Reference in New Issue
Block a user