mirror of
https://github.com/tubearchivist/tubearchivist.git
synced 2025-01-15 13:20:12 +00:00
fix silly host_clean and direct access TA_PASSWORD
This commit is contained in:
parent
a98a30cc85
commit
06c7968070
@ -27,7 +27,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
|
||||
# Quick-start development settings - unsuitable for production
|
||||
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
|
||||
|
||||
PW_HASH = hashlib.sha256(environ.get("TA_PASSWORD").encode())
|
||||
PW_HASH = hashlib.sha256(environ["TA_PASSWORD"].encode())
|
||||
SECRET_KEY = PW_HASH.hexdigest()
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
|
@ -156,7 +156,7 @@ def ta_host_parser(ta_host):
|
||||
for host in ta_host.split():
|
||||
host_clean = host.strip()
|
||||
if not host_clean.startswith("http"):
|
||||
host_clean = f"http://{host}"
|
||||
host_clean = f"http://{host_clean}"
|
||||
|
||||
parsed = urlparse(host_clean)
|
||||
allowed_hosts.append(f"{parsed.hostname}")
|
||||
|
Loading…
Reference in New Issue
Block a user