Fix refactor bugs, CSRF token issues for use in production (#531)

Fix refactor bugs, CSRF token issues for use in production * Add flags for samesite settings to enable django admin login * Include tzdata to dependencies to work around python package issues in linux * Use DJANGO_DEBUG flag correctly * Fix naming of entry field when creating EntryDate objects * Correctly retrieve openai config settings * Fix datefilter with embeddings name for field
2026-03-06 05:39:12 +00:00 · 2023-11-02 23:02:38 -07:00
parent fe860aaf83
commit fb6ebd19fc
6 changed files with 38 additions and 14 deletions
--- a/src/app/settings.py
+++ b/src/app/settings.py
@@ -24,10 +24,29 @@ BASE_DIR = Path(__file__).resolve().parent.parent.parent
 SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")

 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.getenv("DJANGO_DEBUG", "False") == "True"

-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = [".khoj.dev", "localhost", "127.0.0.1", "[::1]", "beta.khoj.dev"]

+CSRF_TRUSTED_ORIGINS = [
+    "https://app.khoj.dev",
+    "https://beta.khoj.dev",
+    "https://khoj.dev",
+    "https://*.khoj.dev",
+]
+
+COOKIE_SAMESITE = "None"
+if DEBUG:
+    SESSION_COOKIE_DOMAIN = "localhost"
+    CSRF_COOKIE_DOMAIN = "localhost"
+else:
+    SESSION_COOKIE_DOMAIN = "khoj.dev"
+    CSRF_COOKIE_DOMAIN = "khoj.dev"
+
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+COOKIE_SAMESITE = "None"
+SESSION_COOKIE_SAMESITE = "None"

 # Application definition