Feature Request: Add CSRF_TRUSTED_ORIGINS Environment Variable in Docker
21 views
Skip to first unread message
Mole Mole
Oct 24, 2024, 10:44:13 AM10/24/24
to Review Board Development
Hello Review Board team,
I’m using Review Board in a Docker environment, and I noticed there’s no way to set the CSRF_TRUSTED_ORIGINS directly through an environment variable. This is important when deploying Review Board behind a proxy or in setups where multiple trusted domains need to be configured for CSRF protection.
It would be great if you could add support for a CSRF_TRUSTED_ORIGINS environment variable that would automatically configure this setting in the settings_local.py file. For example, something like this:
$ docker run -P \
--name <name> \
-v /var/www/reviewboard:/site \
-e DOMAIN=reviews.corp.example.com \
-e COMPANY="My Company" \
This would simplify configuring trusted domains for CSRF protection without needing to manually edit the settings_local.py file after deployment.
Thank you for considering this feature!
Best regards,
I’m using Review Board in a Docker environment, and I noticed there’s no way to set the CSRF_TRUSTED_ORIGINS directly through an environment variable. This is important when deploying Review Board behind a proxy or in setups where multiple trusted domains need to be configured for CSRF protection.
It would be great if you could add support for a CSRF_TRUSTED_ORIGINS environment variable that would automatically configure this setting in the settings_local.py file. For example, something like this:
$ docker run -P \
--name <name> \
-v /var/www/reviewboard:/site \
-e DOMAIN=reviews.corp.example.com \
-e COMPANY="My Company" \
-e CSRF_TRUSTED_ORIGINS="https://reviewboard.myweb.com" \
-e MEMCACHED_SERVER=db.corp.example.com:11211 \
-e DATABASE_TYPE=postgresql \
-e DATABASE_SERVER=db.corp.example.com \
-e DATABASE_USERNAME=reviewboard \
-e DATABASE_PASSWORD=reviewboard12345 \
-e DATABASE_NAME=reviewboard \
beanbag/reviewboard:4.0.4-e DATABASE_TYPE=postgresql \
-e DATABASE_SERVER=db.corp.example.com \
-e DATABASE_USERNAME=reviewboard \
-e DATABASE_PASSWORD=reviewboard12345 \
-e DATABASE_NAME=reviewboard \
This would simplify configuring trusted domains for CSRF protection without needing to manually edit the settings_local.py file after deployment.
Thank you for considering this feature!
Best regards,
Christian Hammond
Nov 10, 2024, 9:08:38 PM11/10/24
to reviewb...@googlegroups.com
Hi Mole,
I'm certainly open to that. It'd be nice to have a more generic way of populating custom configuration in general.
We're currently absolutely booked with upcoming releases, but if you'd like to submit a patch, we'd be happy to look at it!
Christian
--
---
You received this message because you are subscribed to the Google Groups "Review Board Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-d...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/reviewboard-dev/df523a66-dac6-43d1-abbc-27e7deb7c09dn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages