fix: added csrf origins for production environments

zimmerman-team · Aug 29, 2023 · 365a4b4 · 365a4b4
1 parent c017ebf
commit 365a4b4
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 1 deletion.
diff --git a/.env.example.docker b/.env.example.docker
@@ -48,3 +48,6 @@ MONGO_CONNECTION_STRING=mongodb://admin_example:exampl3_123!@mongo:27017
 
 # NGINX HOST, localhost for local development, iati.cloud for production
 IC_DOMAIN=localhost
+
+# Source of incoming requests and access to Django admin, for example in production: "https://datastore.iati.cloud"
+CSRF_TRUSTED_ORIGINS=https://<your_domain>
diff --git a/.env.example.local b/.env.example.local
@@ -45,3 +45,6 @@ MONGO_CONNECTION_STRING=mongodb://admin_example:exampl3_123!@localhost:27017
 
 # NGINX HOST, localhost for local development, iati.cloud for production
 IC_DOMAIN=localhost
+
+# Source of incoming requests and access to Django admin, for example in production: "https://datastore.iati.cloud"
+CSRF_TRUSTED_ORIGINS=https://<your_domain>
diff --git a/direct_indexing/tasks.py b/direct_indexing/tasks.py
@@ -117,7 +117,7 @@ def fcdo_replace_partial_url(find_url, replace_url):
     logging.info("fcdo_replace_partial_url:: update dataset_metadata file")
     path = f'{settings.DATASET_PARENT_PATH}/dataset_metadata.json'
     with open(path, 'w') as file:
-        json.dump(dataset_metadata, file)
+        json.dump(dataset_metadata, file, indent=4)
 
     # run the dataset metadata with update = True and force_update = True
     # this will automatically all the files that have a new URL and a new HASH

diff --git a/iaticloud/settings.py b/iaticloud/settings.py
@@ -210,3 +210,6 @@ def env_bool(var_name, default='False'):
 
 # # Fresh dataset
 FRESH = env_bool('FRESH', 'True')
+
+# Origins for production
+CSRF_TRUSTED_ORIGINS = [os.getenv('CSRF_TRUSTED_ORIGINS'), 'http://localhost/']