Merge branch 'csrf-trusted-origins' into 'master'

Add `CSRF_TRUSTED_ORIGINS` to `local.py` See merge request allianceauth/allianceauth!1446
2025-07-09 20:40:17 +02:00 · 2022-08-01 08:59:15 +00:00 · 2022-08-01 08:59:15 +00:00 · cc88a02001
commit cc88a02001
parent ae5d0f4a2f 067e2c424e
2 changed files with 14 additions and 4 deletions
--- a/allianceauth/project_template/project_name/settings/local.py
+++ b/allianceauth/project_template/project_name/settings/local.py
@ -13,6 +13,12 @@ STATIC_ROOT = "/var/www/{{ project_name }}/static/"
 # in page titles and the site header.
 SITE_NAME = '{{ project_name }}'

+# This is your websites URL, set it accordingly
+SITE_URL = "https://example.com"
+
+# Django security
+CSRF_TRUSTED_ORIGINS = [SITE_URL]
+
 # Change this to enable/disable debug mode, which displays
 # useful error messages but can leak sensitive data.
 DEBUG = False
@ -39,15 +45,16 @@ DATABASES['default'] = {

 # Register an application at https://developers.eveonline.com for Authentication
 # & API Access and fill out these settings. Be sure to set the callback URL
-# to https://example.com/sso/callback substituting your domain for example.com
+# to https://example.com/sso/callback substituting your domain for example.com in
+# CCP's developer portal
 # Logging in to auth requires the publicData scope (can be overridden through the
 # LOGIN_TOKEN_SCOPES setting). Other apps may require more (see their docs).
 ESI_SSO_CLIENT_ID = ''
 ESI_SSO_CLIENT_SECRET = ''
-ESI_SSO_CALLBACK_URL = ''
+ESI_SSO_CALLBACK_URL = f"{SITE_URL}/sso/callback"
 ESI_USER_CONTACT_EMAIL = ''    # A server maintainer that CCP can contact in case of issues.

-# By default emails are validated before new users can log in.
+# By default, emails are validated before new users can log in.
 # It's recommended to use a free service like SparkPost or Elastic Email to send email.
 # https://www.sparkpost.com/docs/integrations/django/
 # https://elasticemail.com/resources/settings/smtp-api/
--- a/docs/features/services/discord.md
+++ b/docs/features/services/discord.md
@ -17,8 +17,11 @@ Make the following changes in your auth project's settings file (`local.py`):

 ```python
 # Discord Configuration
+# Be sure to set the callback URLto https://example.com/discord/callback/
+# substituting your domain for example.com in Discord's developer portal
+# (Be sure to add the trailing slash)
 DISCORD_GUILD_ID = ''
-DISCORD_CALLBACK_URL = ''
+DISCORD_CALLBACK_URL = f"{SITE_URL}/discord/callback/"
 DISCORD_APP_ID = ''
 DISCORD_APP_SECRET = ''
 DISCORD_BOT_TOKEN = ''