From 269c087bac12a3054bae8f3fc8919049081f605a Mon Sep 17 00:00:00 2001
From: halo
Date: Thu, 1 Dec 2022 13:47:25 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=A2=9E=E5=8A=A0CSRF=5FTRUSTED=5FORIGI?= =?UTF-8?q?NS=E5=8F=82=E6=95=B0=EF=BC=8C=E8=A7=A3=E5=86=B3CSRF=E6=8A=A5?= =?UTF-8?q?=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/jumpserver/conf.py | 1 +
 apps/jumpserver/settings/base.py | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 6d850dc90..d5857f90d 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -494,6 +494,7 @@ class Config(dict):
 'SESSION_COOKIE_SECURE': False,
 'CSRF_COOKIE_SECURE': False,
 'REFERER_CHECK_ENABLED': False,
+ 'CSRF_TRUSTED_ORIGINS': '',
 'SESSION_ENGINE': 'cache',
 'SESSION_SAVE_EVERY_REQUEST': True,
 'SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE': False,
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index 84f9215fa..554ff50d0 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -59,6 +59,9 @@ SITE_URL = CONFIG.SITE_URL
 # https://docs.djangoproject.com/en/4.1/ref/settings/
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
+CSRF_TRUSTED_ORIGINS = CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if CONFIG.CSRF_TRUSTED_ORIGINS else []
+
 # LOG LEVEL
 LOG_LEVEL = CONFIG.LOG_LEVEL
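Review bot: The new `'CSRF_TRUSTED_ORIGINS': ''` default in conf.py does not say what format the value takes, and this key widens the set of origins allowed to send unsafe requests past Django's CSRF origin check. I would add a comment above the key, for example `# Comma-separated origins including scheme (constructed example: https://jms.example.com); empty adds no extra trusted origins`. It would also help to advise operators to list exact https origins rather than wildcard subdomain patterns, since each entry is exempted from the origin check. The defaults dict this line belongs to starts and ends outside the hunk.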
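Review bot: The split on the added `CSRF_TRUSTED_ORIGINS = ...` line in settings/base.py keeps surrounding whitespace and empty items. A value written as `a, b` yields ` b`, which will never equal an Origin header, and a trailing comma yields `''`, which Django 4.0+ rejects at system-check time because every entry must start with a scheme. I would write `CSRF_TRUSTED_ORIGINS = [o.strip() for o in CONFIG.CSRF_TRUSTED_ORIGINS.split(',') if o.strip()]`, which still gives `[]` for the empty default. If the config loader can deliver this key as a list rather than a string (not visible in this hunk), `.split` would raise AttributeError, so an `isinstance` guard may be worth adding.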