grabowski
0ceee55f9b
Deploy to LXC / deploy (push) Successful in 19s
SvelteKit's built-in CSRF only allows one origin, breaking access via NetBird/Yggdrasil/Tor IPs. Now: - Disabled checkOrigin in svelte.config.js - Custom CSRF in hooks.server.ts checks Origin against ALLOWED_ORIGINS - ALLOWED_ORIGINS env var: comma-separated list of trusted origins - Caddy no longer needs to rewrite Host/Origin headers - Each access method (public domain, NetBird IP, Yggdrasil, Tor onion) just needs its URL added to ALLOWED_ORIGINS Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
7 lines
269 B
Bash
7 lines
269 B
Bash
DATABASE_URL=postgresql://bflr:bflr_dev@localhost:5432/buildfor_life_repair
|
|
UPLOAD_DIR=static/uploads
|
|
BASE_URL=http://localhost:5173
|
|
ORIGIN=https://collection.newedge.house
|
|
ALLOWED_ORIGINS=https://collection.newedge.house,http://100.81.174.129
|
|
BODY_SIZE_LIMIT=52428800
|