fix silly host_clean and direct access TA_PASSWORD
This commit is contained in:
parent
a98a30cc85
commit
06c7968070
|
@ -27,7 +27,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
|
||||||
# Quick-start development settings - unsuitable for production
|
# Quick-start development settings - unsuitable for production
|
||||||
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
|
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
|
||||||
|
|
||||||
PW_HASH = hashlib.sha256(environ.get("TA_PASSWORD").encode())
|
PW_HASH = hashlib.sha256(environ["TA_PASSWORD"].encode())
|
||||||
SECRET_KEY = PW_HASH.hexdigest()
|
SECRET_KEY = PW_HASH.hexdigest()
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
|
|
|
@ -156,7 +156,7 @@ def ta_host_parser(ta_host):
|
||||||
for host in ta_host.split():
|
for host in ta_host.split():
|
||||||
host_clean = host.strip()
|
host_clean = host.strip()
|
||||||
if not host_clean.startswith("http"):
|
if not host_clean.startswith("http"):
|
||||||
host_clean = f"http://{host}"
|
host_clean = f"http://{host_clean}"
|
||||||
|
|
||||||
parsed = urlparse(host_clean)
|
parsed = urlparse(host_clean)
|
||||||
allowed_hosts.append(f"{parsed.hostname}")
|
allowed_hosts.append(f"{parsed.hostname}")
|
||||||
|
|
Loading…
Reference in New Issue