vmware-tanzu-labs / educates-training-platform

A platform for hosting interactive workshop environments in Kubernetes, or on top of a local container runtime.
https://docs.educates.dev
Apache License 2.0

CSRF verification broken when using PORTAL_HOSTNAME #379

Closed mocdaniel closed 4 months ago

mocdaniel commented 4 months ago

Describe the bug

Since v2.7.0 of the TrainingPortal, the CSRF verification is broken for portals configured with a custom Ingress domain via spec.portal.ingress.hostname.

This is due to the introduction of the CSRF_TRUSTED_ORIGINS setting in the Django settings.py of the project in 2552a4a.

Additional information

The current definition of CSRF_TRUSTED_ORIGINS only works when the TrainingPortal has not been configured to use a custom Ingress domain, thus defaulting to {PORTAL_NAME}-ui.{INGRESS_DOMAIN} for the Ingress domain.

Within the project's settings.py, another variable, PORTAL_HOSTNAME, gets introduced which already encapsulates the needed application logic: using the configured Ingress domain if provided and falling back to the default case if not.

I will provide a PR fixing this issue; I already confirmed that it's working locally.
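As an added example (not code from the issue or from the project's settings.py), a small model of the origin computation the report describes, with the v2.7.0 behaviour beside the corrected one, plus a simplified re-implementation of the Django-style trusted-origin check so the failure can be reproduced offline. The function names, the https scheme and the sample hostnames are assumptions; only PORTAL_NAME, INGRESS_DOMAIN, PORTAL_HOSTNAME and spec.portal.ingress.hostname come from the issue text.

```python
"""Model of the CSRF_TRUSTED_ORIGINS bug reported above (constructed example)."""
from typing import List, Optional
from urllib.parse import urlsplit


def portal_hostname(portal_name: str, ingress_domain: str,
                    ingress_hostname: Optional[str]) -> str:
    """PORTAL_HOSTNAME logic: custom spec.portal.ingress.hostname if set,
    otherwise the default {PORTAL_NAME}-ui.{INGRESS_DOMAIN}."""
    return ingress_hostname or f"{portal_name}-ui.{ingress_domain}"


def trusted_origins_broken(portal_name: str, ingress_domain: str,
                           ingress_hostname: Optional[str],
                           scheme: str = "https") -> List[str]:
    """v2.7.0 behaviour as described: always the default hostname, so a
    custom Ingress hostname is never trusted."""
    return [f"{scheme}://{portal_name}-ui.{ingress_domain}"]


def trusted_origins_fixed(portal_name: str, ingress_domain: str,
                          ingress_hostname: Optional[str],
                          scheme: str = "https") -> List[str]:
    """Corrected behaviour: derive the origin from PORTAL_HOSTNAME."""
    host = portal_hostname(portal_name, ingress_domain, ingress_hostname)
    return [f"{scheme}://{host}"]


def origin_is_trusted(origin: str, trusted_origins: List[str]) -> bool:
    """Simplified version of the check Django's CSRF middleware applies to
    the request's Origin header: scheme must match and the host must match
    exactly or fall under a '*.' wildcard entry (assumed simplification)."""
    req = urlsplit(origin)
    for entry in trusted_origins:
        allowed = urlsplit(entry)
        if req.scheme != allowed.scheme:
            continue
        if allowed.netloc.startswith("*."):
            suffix = allowed.netloc[1:]          # ".example.com"
            if req.netloc.endswith(suffix) or req.netloc == suffix[1:]:
                return True
        elif req.netloc == allowed.netloc:
            return True
    return False
```

With a custom hostname such as workshops.example.org, a POST whose Origin header carries that host is rejected by the broken list and accepted by the fixed one.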