Fix for CSRF and loginrequired middleware

author: Matthew Lemon <y@yulqen.org> 2024-04-24 20:19:29 +0100
committer: Matthew Lemon <y@yulqen.org> 2024-04-24 20:19:29 +0100
commit: 326e8fc8b1c615f8533b45e80ce0ae636ebdcc17 (patch)
tree: 590874b1d540a76b37eafc30cd9a1b201dd3a70a /ded
parent: bc3c42b2279a3bf1e7159f110e662e942a5fdc2e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ded/settings.py b/ded/settings.py
index 9cba3b0..b2b1da0 100644
--- a/ded/settings.py
+++ b/ded/settings.py
@@ -14,6 +14,10 @@ from pathlib import Path
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+# For staging (on OpenShift)
+# was getting 403, CSRF verification failed error
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/
@@ -29,7 +33,6 @@ ALLOWED_HOSTS = ["ded-web-ho-defnucsyr-ded.apps.ocp1.azure.dso.digital.mod.uk",
 STATIC_ROOT = BASE_DIR / "static"
 
 # Application definition
-
 INSTALLED_APPS = [
     "instruments.apps.InstrumentsConfig",
     "engagements.apps.EngagementsConfig",
author	Matthew Lemon <y@yulqen.org>	2024-04-24 20:19:29 +0100
committer	Matthew Lemon <y@yulqen.org>	2024-04-24 20:19:29 +0100
commit	326e8fc8b1c615f8533b45e80ce0ae636ebdcc17 (patch)
tree	590874b1d540a76b37eafc30cd9a1b201dd3a70a /ded
parent	bc3c42b2279a3bf1e7159f110e662e942a5fdc2e (diff)