vergabe-teilnahme/vergabe_teilnahme
tegwick f95de1482d Fix CSRF 403 on all POSTs behind traefik
prod.py never read the CSRF_TRUSTED_ORIGINS env var the deployment already
injects, so Django's setting stayed empty. Behind traefik's TLS termination
Django saw requests as HTTP and rejected the browser's https:// Origin on
every POST with a CSRF failure (403) — forms could not be saved and the DB
stayed empty.

- Read CSRF_TRUSTED_ORIGINS from env (filtering empties).
- Set SECURE_PROXY_SSL_HEADER so Django recognizes HTTPS via X-Forwarded-Proto.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-22 02:02:42 +02:00
..
apps Rewire issue tracker integration from issue-facade to issue-core 2026-05-18 22:33:28 +02:00
settings Fix CSRF 403 on all POSTs behind traefik 2026-05-22 02:02:42 +02:00
templates issue-facade integration 2026-05-14 11:30:30 +02:00
tests feat(WP-0012): Querschnitt — Freigaben, Felder, Feedback, Suche, Tests 2026-05-11 17:54:38 +02:00
__init__.py Prototype implementation 2026-05-08 14:26:48 +02:00
asgi.py Prototype implementation 2026-05-08 14:26:48 +02:00
urls.py feat(WP-0012): Querschnitt — Freigaben, Felder, Feedback, Suche, Tests 2026-05-11 17:54:38 +02:00
wsgi.py Prototype implementation 2026-05-08 14:26:48 +02:00