search

linuxserver / docker-healthchecks

GNU General Public License v3.0
177 stars 37 forks source link

[BUG] Wrong documentation for CSRF_TRUSTED_ORIGINS #112

Closed marlenekoh closed 8 months ago

marlenekoh commented 9 months ago

Is there an existing issue for this?

Current Behavior

From the README

## Note on `CSRF_TRUSTED_ORIGINS`

On first run (or any startup where `REGENERATE_SETTINGS=true`) we will set `CSRF_TRUSTED_ORIGINS` to match the value of `SITE_ROOT`. If you need different/additional origins, you will need to edit `/config/local_settings.py` and add them yourself. Note that setting `REGENERATE_SETTINGS=true` will overwrite any changes on startup.

Expected Behavior

However, the behaviour has changed since this commit https://github.com/linuxserver/docker-healthchecks/commit/bd0cb9e6035632f76a01e8d49c40d8cb4d603d18

Please update the readme docs with an example that CSRF_TRUSTED_ORIGINS has to be manually set, and that it takes in only a str and not a list (different behaviour from django's CSRF_TRUSTED_ORIGINS)

Steps To Reproduce

Works 

SITE_ROOT=https://my-healthchecks-app.abc.com
CSRF_TRUSTED_ORIGINS=https://my-healthchecks-app.abc.com

Does not work

SITE_ROOT=https://my-healthchecks-app.abc.com
CSRF_TRUSTED_ORIGINS=["https://my-healthchecks-app.abc.com"]
SITE_ROOT=https://my-healthchecks-app.abc.com
# creates container with CSRF_TRUSTED_ORIGINS=[]

Environment

No response

CPU architecture

x86-64

Docker creation

version: "3"
  web:
    image: linuxserver/healthchecks:amd64-version-v3.0.1
    environment:
      - SITE_ROOT=https://my-healthchecks-app.abc.com
      - SITE_NAME=Healthchecks
      - DEBUG=True
      - ALLOWED_HOSTS=["localhost","my-healthchecks-app.abc.com"]
      - DEFAULT_FROM_EMAIL=healthchecks@abc.com
      - REGENERATE_SETTINGS=True
      - SUPERUSER_EMAIL=admin@abc.com
      - SUPERUSER_PASSWORD=somepass
      - EMAIL_USE_VERIFICATION=False
      - REGISTRATION_OPEN=False
      - REMOTE_USER_HEADER=HTTP_X_EMAIL
      - CSRF_TRUSTED_ORIGINS=["https://my-healthchecks-app.abc.com"]
    ports:
      - 8000:8000

Container logs

SyntaxError: invalid syntax. Perhaps you forgot a comma?
Traceback (most recent call last):
  File "/app/healthchecks/manage.py", line 17, in <module>
    raise e
  File "/app/healthchecks/manage.py", line 13, in <module>
    execute_from_command_line(sys.argv)
  File "/lsiopy/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/lsiopy/lib/python3.11/site-packages/django/core/management/__init__.py", line 382, in execute
    settings.INSTALLED_APPS
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 102, in __getattr__
    self._setup(name)
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 89, in _setup
    self._wrapped = Settings(settings_module)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.11/site-packages/django/conf/__init__.py", line 217, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1204, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1176, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1147, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 690, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/app/healthchecks/hc/settings.py", line 338, in <module>
    from .local_settings import *  # noqa: F403
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/healthchecks/hc/local_settings.py", line 9
    CSRF_TRUSTED_ORIGINS = ["["https://my-healthchecks-app.abc.com"]"
github-actions[bot] commented 9 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

sukanta-nandi commented 8 months ago

Created a PR for this change https://github.com/linuxserver/docker-healthchecks/pull/114

thespad commented 8 months ago

The readme isn't wrong, but the init logic was. The linked PR should fix the logic and also updates the readme to clarify setting the CSRF_TRUSTED_ORIGINS as it's not part of the Healthchecks docs.