Fix: добавлен CSRF_TRUSTED_ORIGINS для входа за Nginx (403)

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-25 15:10:42 +00:00
parent 519806058f
commit c82a69c3ce
3 changed files with 22 additions and 0 deletions
--- a/app/config/settings.py
+++ b/app/config/settings.py
@@ -10,6 +10,15 @@ SECRET_KEY = os.environ.get("SECRET_KEY", "django-insecure-change-me")
 DEBUG = os.environ.get("DEBUG", "false").lower() in ("1", "true", "yes")
 ALLOWED_HOSTS = os.environ.get("ALLOWED_HOSTS", "localhost,127.0.0.1").split(",")

+# За прокси (Nginx): иначе при отправке формы логина — 403 CSRF
+CSRF_TRUSTED_ORIGINS = [
+    "https://erp.gen7x.ru",
+    "http://localhost:8010",
+    "http://127.0.0.1:8010",
+]
+if os.environ.get("CSRF_TRUSTED_ORIGINS"):
+    CSRF_TRUSTED_ORIGINS = os.environ.get("CSRF_TRUSTED_ORIGINS").split(",")
+
 INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",