pol/zetikettes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Fix another CSRF issue

Browse Source 
Also turn that DEBUG to False, just for shits & giggles
This commit is contained in:
Paul Mathieu 2025-08-06 21:42:31 +02:00
parent 6b5a43b7a9
commit 767b722025
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
backend/zetikettes/tikette/views.py
View File

@ -5,7 +5,7 @@ from django.conf import settings
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.http import JsonResponse from django.http import JsonResponse
from django.shortcuts import render from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie
from google.auth.transport import requests from google.auth.transport import requests
from google.oauth2 import id_token from google.oauth2 import id_token
@ -51,6 +51,7 @@ def quirk_bold_allergens(ingredients):
@auth_only @auth_only
@ensure_csrf_cookie
def get_list(request): def get_list(request):
tikettes = [{ tikettes = [{
'id': x.id, 'id': x.id,

2
backend/zetikettes/zetikettes/settings.py
View File

@ -27,7 +27,7 @@ MEDIA_URL = '/data/'
SECRET_KEY = 'django-insecure-64qxpe55#9wy=5@#dl0)3w7ywxh48m!f&!slp9e7v4lh@hjdct' SECRET_KEY = 'django-insecure-64qxpe55#9wy=5@#dl0)3w7ywxh48m!f&!slp9e7v4lh@hjdct'
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = False
ALLOWED_HOSTS = ['*'] ALLOWED_HOSTS = ['*']
CSRF_TRUSTED_ORIGINS = ['https://*.ponteilla.net'] CSRF_TRUSTED_ORIGINS = ['https://*.ponteilla.net']