Merge pull request #9138 from jumpserver/pr@dev@fix_csrf_403_error

fix: 增加CSRF_TRUSTED_ORIGINS参数，解决CSRF报错

apps/jumpserver/conf.py

@@ -494,6 +494,7 @@ class Config(dict):
         'SESSION_COOKIE_SECURE': False,
         'CSRF_COOKIE_SECURE': False,
         'REFERER_CHECK_ENABLED': False,
+        'CSRF_TRUSTED_ORIGINS': '',
         'SESSION_ENGINE': 'cache',
         'SESSION_SAVE_EVERY_REQUEST': True,
         'SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE': False,

apps/jumpserver/settings/base.py

@@ -59,6 +59,9 @@ SITE_URL = CONFIG.SITE_URL
 # https://docs.djangoproject.com/en/4.1/ref/settings/
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
+# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
+CSRF_TRUSTED_ORIGINS = CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if CONFIG.CSRF_TRUSTED_ORIGINS else []
+
 # LOG LEVEL
 LOG_LEVEL = CONFIG.LOG_LEVEL