feat: add CSRF trusted origins and new OTP plugin
Included CSRF_TRUSTED_ORIGINS for enhanced security based on ALLOWED_HOSTS. Updated ALLOWED_HOSTS config key from "AllowedHosts" to "Hosts" for consistency. Added `django_otp.plugins.otp_static` to INSTALLED_APPS for better OTP functionality. Resolves issues with CSRF protection and OTP security.
This commit is contained in:
parent
89d908883a
commit
dfb80d2aa3
GPG key ID:
ECBCC9082395383F
1 changed files with 4 additions and 1 deletions
|
|
@ -32,7 +32,9 @@ if not (FIELD_ENCRYPTION_KEY := CONFIG.get("ColdBrew", "EncryptionKey", fallback
|
|||
CONFIG["ColdBrew"]["EncryptionKey"] = FIELD_ENCRYPTION_KEY
|
||||
ASK.write()
|
||||
|
||||
ALLOWED_HOSTS = CONFIG.get("ColdBrew", "AllowedHosts", fallback="*").split(",")
|
||||
ALLOWED_HOSTS = CONFIG.get("ColdBrew", "Hosts", fallback="*").split(",")
|
||||
|
||||
CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS if host != "*"]
|
||||
|
||||
DEBUG = (
|
||||
CONFIG.getboolean("ColdBrew", "Debug", fallback=False) if ALLOWED_HOSTS else True
|
||||
|
|
@ -50,6 +52,7 @@ INSTALLED_APPS = [
|
|||
"encrypted_model_fields",
|
||||
"django_otp",
|
||||
"django_otp.plugins.otp_totp",
|
||||
'django_otp.plugins.otp_static',
|
||||
"two_factor",
|
||||
"coldbrew.vpn",
|
||||
"coldbrew.users",
|
||||
|
|
|
|||
Loading…
Reference in a new issue