Fix login failure on https

When login on LAVA via https, a CSRF failure is done. This is due to missing CSRF_TRUSTED_ORIGINS.
author: Corentin LABBE <clabbe@baylibre.com> 2018-07-30 09:44:57 +0200
committer: Corentin LABBE <clabbe@baylibre.com> 2018-07-30 09:44:57 +0200
commit: e2a93eae5955f294d4e37b7b653fb6fd86d72a61 (patch)
tree: d99765933a53ed2f10ce4ec2408fe9bf20acdb4e /lavalab-gen.py
parent: 61a473fb56ef7418314385df7b72cd58e40a2ff2 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lavalab-gen.py b/lavalab-gen.py
index 2d21fe7..597bd1a 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -68,6 +68,7 @@ template_settings_conf = string.Template("""
     "HTTPS_XML_RPC": false,
     "LOGIN_URL": "/accounts/login/",
     "LOGIN_REDIRECT_URL": "/",
+    "CSRF_TRUSTED_ORIGINS": ["$lava_http_fqdn"],
     "CSRF_COOKIE_SECURE": $cookie_secure,
     "SESSION_COOKIE_SECURE": $session_cookie_secure
 }
@@ -146,7 +147,7 @@ def main():
         f_fqdn.write(lava_http_fqdn)
         f_fqdn.close()
         fsettings = open("%s/settings.conf" % workerdir, 'w')
-        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure))
+        fsettings.write(template_settings_conf.substitute(cookie_secure=cookie_secure, session_cookie_secure=session_cookie_secure, lava_http_fqdn=lava_http_fqdn))
         fsettings.close()
         master_use_zmq_auth = False
         if "zmq_auth" in worker:
author	Corentin LABBE <clabbe@baylibre.com>	2018-07-30 09:44:57 +0200
committer	Corentin LABBE <clabbe@baylibre.com>	2018-07-30 09:44:57 +0200
commit	e2a93eae5955f294d4e37b7b653fb6fd86d72a61 (patch)
tree	d99765933a53ed2f10ce4ec2408fe9bf20acdb4e /lavalab-gen.py
parent	61a473fb56ef7418314385df7b72cd58e40a2ff2 (diff)