Files
vergabe-teilnahme/vergabe_teilnahme
tegwick f95de1482d Fix CSRF 403 on all POSTs behind traefik
prod.py never read the CSRF_TRUSTED_ORIGINS env var the deployment already
injects, so Django's setting stayed empty. Behind traefik's TLS termination
Django saw requests as HTTP and rejected the browser's https:// Origin on
every POST with a CSRF failure (403) — forms could not be saved and the DB
stayed empty.

- Read CSRF_TRUSTED_ORIGINS from env (filtering empties).
- Set SECURE_PROXY_SSL_HEADER so Django recognizes HTTPS via X-Forwarded-Proto.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 02:02:42 +02:00
..
2026-05-14 11:30:30 +02:00
2026-05-08 14:26:48 +02:00
2026-05-08 14:26:48 +02:00
2026-05-08 14:26:48 +02:00