admin/39028-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto commit: 2026-03-06T17:39:27.574Z

Browse Source
This commit is contained in:
Flatlogic Bot 2026-03-06 17:39:27 +00:00
parent dab6009cb9
commit 50468c603c
4 changed files with 40 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/pasted-20260306-173637-e937ae31.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 MiB

BIN
assets/vm-shot-2026-03-06T17-35-59-925Z.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
config/__pycache__/settings.cpython-311.pyc
View File

Binary file not shown.

48
config/settings.py
View File

@ -20,22 +20,54 @@ load_dotenv(BASE_DIR.parent / ".env")
SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "change-me") SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "change-me")
DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true" DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true"
def _normalize_host(value: str) -> str:
value = (value or "").strip()
if not value:
return ""
if "://" in value:
value = value.split("://", 1)[1]
value = value.split("/", 1)[0]
value = value.split(":", 1)[0]
return value.strip()
def _normalize_origin(value: str) -> str:
value = (value or "").strip().rstrip("/")
if not value:
return ""
if value.startswith(("http://", "https://")):
return value
host = _normalize_host(value)
return f"https://{host}" if host else ""
host_fqdn = _normalize_host(os.getenv("HOST_FQDN", ""))
extra_allowed_hosts = [
_normalize_host(item)
for item in os.getenv("ALLOWED_HOSTS", "").split(",")
if _normalize_host(item)
]
ALLOWED_HOSTS = [ ALLOWED_HOSTS = [
"127.0.0.1", "127.0.0.1",
"localhost", "localhost",
os.getenv("HOST_FQDN", ""), ".appwizzy.dev",
host_fqdn,
*extra_allowed_hosts,
] ]
ALLOWED_HOSTS = list(dict.fromkeys([host for host in ALLOWED_HOSTS if host]))
CSRF_TRUSTED_ORIGINS = [ csrf_origin_items = [
origin for origin in [ os.getenv("HOST_FQDN", ""),
os.getenv("HOST_FQDN", ""), os.getenv("CSRF_TRUSTED_ORIGIN", ""),
os.getenv("CSRF_TRUSTED_ORIGIN", "") *os.getenv("CSRF_TRUSTED_ORIGINS", "").split(","),
] if origin
] ]
CSRF_TRUSTED_ORIGINS = [ CSRF_TRUSTED_ORIGINS = [
f"https://{host}" if not host.startswith(("http://", "https://")) else host "https://*.appwizzy.dev",
for host in CSRF_TRUSTED_ORIGINS "http://*.appwizzy.dev",
*[_normalize_origin(origin) for origin in csrf_origin_items if _normalize_origin(origin)],
] ]
CSRF_TRUSTED_ORIGINS = list(dict.fromkeys(CSRF_TRUSTED_ORIGINS))
# Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy. # Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy.
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True