From 326e8fc8b1c615f8533b45e80ce0ae636ebdcc17 Mon Sep 17 00:00:00 2001
From: Matthew Lemon <y@yulqen.org>
Date: Wed, 24 Apr 2024 20:19:29 +0100
Subject: Fix for CSRF and loginrequired middleware

---
 ded/settings.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ded/settings.py')

diff --git a/ded/settings.py b/ded/settings.py
index 9cba3b0..b2b1da0 100644
--- a/ded/settings.py
+++ b/ded/settings.py
@@ -14,6 +14,10 @@ from pathlib import Path
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
+# For staging (on OpenShift)
+# was getting 403, CSRF verification failed error
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/
@@ -29,7 +33,6 @@ ALLOWED_HOSTS = ["ded-web-ho-defnucsyr-ded.apps.ocp1.azure.dso.digital.mod.uk",
 STATIC_ROOT = BASE_DIR / "static"
 
 # Application definition
-
 INSTALLED_APPS = [
     "instruments.apps.InstrumentsConfig",
     "engagements.apps.EngagementsConfig",
-- 
cgit v1.2.3