github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #9138 from jumpserver/pr@dev@fix_csrf_403_error 

fix: 增加CSRF_TRUSTED_ORIGINS参数,解决CSRF报错
pull/9159/head
老广 2022-12-02 10:40:55 +08:00 committed by GitHub
parent 2401c241f2 269c087bac
commit 07f2e66546
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/jumpserver/conf.py
View File

@ -494,6 +494,7 @@ class Config(dict):
'SESSION_COOKIE_SECURE': False,
'CSRF_COOKIE_SECURE': False,
'REFERER_CHECK_ENABLED': False,
'CSRF_TRUSTED_ORIGINS': '',
'SESSION_ENGINE': 'cache',
'SESSION_SAVE_EVERY_REQUEST': True,
'SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE': False,

3
apps/jumpserver/settings/base.py
View File

@ -59,6 +59,9 @@ SITE_URL = CONFIG.SITE_URL
# https://docs.djangoproject.com/en/4.1/ref/settings/
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
CSRF_TRUSTED_ORIGINS = CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if CONFIG.CSRF_TRUSTED_ORIGINS else []
# LOG LEVEL
LOG_LEVEL = CONFIG.LOG_LEVEL