ui - edit docs and fix CSRF

2021-08-17 17:34:05 +02:00
parent 028fc61b4f
commit aec22d1a81
3 changed files with 15 additions and 7 deletions
--- a/ui/entrypoint.py
+++ b/ui/entrypoint.py
@@ -22,6 +22,8 @@ app.secret_key = vars["FLASK_SECRET"]
 app.config["ABSOLUTE_URI"] = vars["ABSOLUTE_URI"]
 app.config["INSTANCES"] = Instances(vars["DOCKER_HOST"], vars["API_URI"])
 app.config["CONFIG"] = Config()
+app.config["SESSION_COOKIE_DOMAIN"] = vars["ABSOLUTE_URI"].replace("http://", "").replace("https://", "").split("/")[0]
+app.config["WTF_CSRF_SSL_STRICT"] = False

 # Declare functions for jinja2
 app.jinja_env.globals.update(env_to_summary_class=utils.env_to_summary_class)
@@ -29,6 +31,11 @@ app.jinja_env.globals.update(form_service_gen=utils.form_service_gen)
 app.jinja_env.globals.update(form_service_gen_multiple=utils.form_service_gen_multiple)
 app.jinja_env.globals.update(form_service_gen_multiple_values=utils.form_service_gen_multiple_values)

+@app.before_request
+def log_request():
+    app.logger.debug("Request Headers %s", request.headers)
+    return None
+
 # Login management
 login_manager = LoginManager()
 login_manager.init_app(app)
--- a/ui/src/ReverseProxied.py
+++ b/ui/src/ReverseProxied.py
@@ -11,7 +11,7 @@ class ReverseProxied(object):
 			if path_info.startswith(script_name):
 				environ['PATH_INFO'] = path_info[len(script_name):]

-		scheme = environ.get('HTTP_X_SCHEME', '')
+		scheme = environ.get('HTTP_X_FORWARDED_PROTO', '')
 		if scheme:
 			environ['wsgi.url_scheme'] = scheme
 		return self.app(environ, start_response)