Merge pull request #37 from montjoie/csrf_fix

Csrf fix
author: khilman <khilman@users.noreply.github.com> 2018-08-08 16:27:24 -0700
committer: GitHub <noreply@github.com> 2018-08-08 16:27:24 -0700
commit: cbfe5a606fa2999b3654d482910719032b39101d (patch)
tree: 8f28912198611e9a44d9000d1d11e0e819849458 /lavalab-gen.py
parent: 61a473fb56ef7418314385df7b72cd58e40a2ff2 (diff)
parent: 84b74ee04a2aa2ab686fbc8676f1923b52a420b3 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lavalab-gen.py b/lavalab-gen.py
index 2d21fe7..597bd1a 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -68,6 +68,7 @@ template_settings_conf = string.Template("""
     "HTTPS_XML_RPC": false,
     "LOGIN_URL": "/accounts/login/",
     "LOGIN_REDIRECT_URL": "/",
+    "CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"],
     "CSRF_COOKIE_SECURE": $cookie_secure,
     "SESSION_COOKIE_SECURE": $session_cookie_secure
 }
@@ -146,7 +147,7 @@ def main():
         f_fqdn.write(lava_http_fqdn)
         f_fqdn.close()
         fsettings = open("%s/settings.conf" % workerdir, 'w')
-        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure))
+        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn))
         fsettings.close()
         master_use_zmq_auth = False
         if "zmq_auth" in worker:
author	khilman <khilman@users.noreply.github.com>	2018-08-08 16:27:24 -0700
committer	GitHub <noreply@github.com>	2018-08-08 16:27:24 -0700
commit	cbfe5a606fa2999b3654d482910719032b39101d (patch)
tree	8f28912198611e9a44d9000d1d11e0e819849458 /lavalab-gen.py
parent	61a473fb56ef7418314385df7b72cd58e40a2ff2 (diff)
parent	84b74ee04a2aa2ab686fbc8676f1923b52a420b3 (diff)