Merge branch 'default-trusted-origins' into 'master'

Set default frontend urls as CSRF trusted origin See merge request !1589

Merge branch 'default-trusted-origins' into 'master'
de9b1f7e · Erwan Rouchet · 4de1c2ed · 7527ded9 · de9b1f7e · de9b1f7e
Commit de9b1f7e authored 3 years ago by Erwan Rouchet
--- a/arkindex/project/config.py
+++ b/arkindex/project/config.py
@@ -132,7 +132,7 @@ def get_settings_parser(base_dir):
    csrf_parser.add_option('cookie_domain', type=str, default=None)
    csrf_parser.add_option('cookie_secure', type=bool, default=False)
    csrf_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
-    csrf_parser.add_option('trusted_origins', type=str, many=True, default=[])
+    csrf_parser.add_option('trusted_origins', type=str, many=True, default=['http://localhost:8080', 'http://127.0.0.1:8080'])

    session_parser = parser.add_subparser('session', default={})
    session_parser.add_option('cookie_name', type=str, default='arkindex.auth')

--- a/arkindex/project/tests/config_samples/defaults.yaml
+++ b/arkindex/project/tests/config_samples/defaults.yaml
@@ -17,7 +17,9 @@ csrf:
  cookie_name: arkindex.csrf
  cookie_samesite: lax
  cookie_secure: false
-  trusted_origins: []
+  trusted_origins:
+  - http://localhost:8080
+  - http://127.0.0.1:8080
 database:
  host: localhost
  name: arkindex_dev