Adjust CSRF_ALLOWED_ORIGINS setting for TrainingPortal

vmware-tanzu-labs / educates-training-platform

A platform for hosting interactive workshop environments in Kubernetes, or on top of a local container runtime.

https://docs.educates.dev

Apache License 2.0

72 stars 18 forks source link

Adjust CSRF_ALLOWED_ORIGINS setting for TrainingPortal #380

Closed mocdaniel closed 4 months ago

mocdaniel commented 4 months ago

CSRF_ALLOWED_ORIGINS was configured only for default TrainingPortal names. If instead a custom PORTAL_HOSTNAME had been provided, CSRF verification would break.

We now default to PORTAL_HOSTNAME for CSRF_ALLOWED_ORIGINS and only fall back to the previous default implementation if none was provided.

Fixes #379.

netlify[bot] commented 4 months ago

Deploy Preview for educates-docs ready!

Built without sensitive environment variables

Name	Link
Latest commit	73d757343a62e35225512c85369f960afa81ef95
Latest deploy log	https://app.netlify.com/sites/educates-docs/deploys/664e00fc96ab430008a9d24c
Deploy Preview	https://deploy-preview-380--educates-docs.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

vmware-tanzu-labs / educates-training-platform

Adjust CSRF_ALLOWED_ORIGINS setting for TrainingPortal #380

✅ Deploy Preview for educates-docs ready!

Deploy Preview for educates-docs ready!