mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-25 00:30:59 +00:00
Fixed #593: Add some docs for TAKAHE_CSRF_HOSTS
This commit is contained in:
parent
a8b31e9f6a
commit
82a9c18205
2 changed files with 13 additions and 1 deletions
|
@ -15,7 +15,7 @@ x-takahe-common:
|
||||||
TAKAHE_DATABASE_SERVER: "postgres://postgres:insecure_password@db/takahe"
|
TAKAHE_DATABASE_SERVER: "postgres://postgres:insecure_password@db/takahe"
|
||||||
TAKAHE_DEBUG: "true"
|
TAKAHE_DEBUG: "true"
|
||||||
TAKAHE_SECRET_KEY: "insecure_secret"
|
TAKAHE_SECRET_KEY: "insecure_secret"
|
||||||
TAKAHE_CSRF_TRUSTED_ORIGINS: '["http://127.0.0.1:8000", "https://127.0.0.1:8000"]'
|
TAKAHE_CSRF_HOSTS: '["http://127.0.0.1:8000", "https://127.0.0.1:8000"]'
|
||||||
TAKAHE_USE_PROXY_HEADERS: "true"
|
TAKAHE_USE_PROXY_HEADERS: "true"
|
||||||
TAKAHE_EMAIL_BACKEND: "console://console"
|
TAKAHE_EMAIL_BACKEND: "console://console"
|
||||||
TAKAHE_MAIN_DOMAIN: "example.com"
|
TAKAHE_MAIN_DOMAIN: "example.com"
|
||||||
|
|
|
@ -122,6 +122,18 @@ be provided to the containers from the first boot.
|
||||||
There are some other, optional variables you can tweak once the
|
There are some other, optional variables you can tweak once the
|
||||||
system is up and working - see :doc:`tuning` for more.
|
system is up and working - see :doc:`tuning` for more.
|
||||||
|
|
||||||
|
If you are behind a caching proxy, such as Cloudflare, you may need to update
|
||||||
|
your CSRF host settings to match. Takahē validates that requests have an
|
||||||
|
Origin header that matches their Referer header by default, and these services
|
||||||
|
can break that relationship.
|
||||||
|
|
||||||
|
Takahē lets you set this up via the ``TAKAHE_CSRF_HOSTS`` environment variable, which takes
|
||||||
|
a Python-list-formatted list of additional protocols/domains to allow, with wildcards. It feeds
|
||||||
|
directly into Django's `CSRF_TRUSTED_ORIGINS <https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins>`_
|
||||||
|
setting, so for more information about how to use it, see `the Django documentation <https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins>`_ - generally, you'd want to set it to
|
||||||
|
your website's public address, so for our server it would have been
|
||||||
|
``TAKAHE_CSRF_HOSTS='["https://takahe.social"]'``.
|
||||||
|
|
||||||
|
|
||||||
.. _media_configuration:
|
.. _media_configuration:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue