From 70d01bf1b4f44c48fa8af524ff7d73b485d62dc2 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Sun, 20 Nov 2022 13:58:54 -0700
Subject: Fixed #23: Replace https hack with header setting

---
 takahe/settings/development.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'takahe')

diff --git a/takahe/settings/development.py b/takahe/settings/development.py
index d71a406..06e5278 100644
--- a/takahe/settings/development.py
+++ b/takahe/settings/development.py
@@ -5,9 +5,6 @@ from .base import *  # noqa
 # Load secret key from environment with a fallback
 SECRET_KEY = os.environ.get("TAKAHE_SECRET_KEY", "insecure_secret")
 
-# Disable the CRSF origin protection
-MIDDLEWARE.insert(0, "core.middleware.AlwaysSecureMiddleware")
-
 # Ensure debug features are on
 DEBUG = True
 
@@ -16,6 +13,7 @@ CSRF_TRUSTED_ORIGINS = [
     "http://127.0.0.1:8000",
     "https://127.0.0.1:8000",
 ]
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
 SERVER_EMAIL = "test@example.com"
-- 
cgit v1.2.3