Merge branch 'develop' of https://github.com/helxplatform/appstore-chart

into for-eduhelx-chart
helxplatform · May 9, 2024 · c7a871a · c7a871a
2 parents b240eb4 + 0c5ccbb
commit c7a871a
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -41,6 +41,7 @@ Additionally there is a workflow that allows bumping the chart version, if this
 | django.APPSTORE_DJANGO_USERNAME | string | `"admin"` |  |
 | django.AUTHORIZED_USERS | string | `""` | user emails for oauth providers |
 | django.AUTO_WHITELIST_PATTERNS | list | `[]` | Note that these only run on a user's primary alias. If a user has [email protected] as their primary alias, and [email protected] as a secondary alias, they will only be whitelisted automatically if cs.unc.edu emails are allowed. ex. Whitelist all RENCI emails - "^[A-Za-z0-9._%+-]+@renci\\.org$" ex. Whitelist all UNC emails - "^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\\.)?unc\\.edu$" ex. Whitelist CS dept. (grad./prof.) UNC emails - "^[A-Za-z0-9._%+-]+@cs\\.unc\\.edu$" |
+| django.CSRF_DOMAINS | string | `"https://*.renci.org,https://*.renci.unc.edu"` | allowed domains to make post requests to the appstore |
 | django.DEV_PHASE | string | `"live"` | should be 'live' unless you are doing some kind of development |
 | django.DOCKSTORE_APPS_BRANCH | string | `"v1.6.0"` | Specify the git branch to use for HeLx app specifications.  When declaring 'tycho.externalAppRegistryRepo' leave this as an empty string. |
 | django.EMAIL_HOST | string | `""` | Email Server host ie relay.unc.edu | relay.renci.org |
@@ -173,5 +174,5 @@ Additionally there is a workflow that allows bumping the chart version, if this
 | webtop.enabled | bool | `true` | Disabling will turn off the creation of secrets/configmaps for Webtop |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
 
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
@@ -190,6 +190,11 @@ spec:
               key: AUTHORIZED_USERS
               name: {{ include "appstore.fullname" . }}
         {{- end }}
+        - name: CSRF_DOMAINS
+          valueFrom:
+            secretKeyRef:
+              key: CSRF_DOMAINS
+              name: {{ include "appstore.fullname" . }}
         - name: OAUTH_PROVIDERS
           valueFrom:
             secretKeyRef:

diff --git a/templates/secrets.yaml b/templates/secrets.yaml
@@ -58,6 +58,11 @@ data:
   {{- else }}
   OAUTH_PROVIDERS: ""
   {{- end }}
+  {{ if .Values.django.CSRF_DOMAINS }}
+  CSRF_DOMAINS: {{ .Values.django.CSRF_DOMAINS | b64enc }}
+  {{- else }}
+  CSRF_DOMAINS: ""
+  {{- end }}
   {{ if .Values.oauth.GITHUB_NAME }}
   GITHUB_NAME: {{ .Values.oauth.GITHUB_NAME | b64enc }}
   GITHUB_CLIENT_ID: {{ .Values.oauth.GITHUB_CLIENT_ID | b64enc }}

diff --git a/values.yaml b/values.yaml
@@ -140,6 +140,8 @@ django:
   RECIPIENT_EMAILS: ""
   # -- should be 'live' unless you are doing some kind of development
   DEV_PHASE: "live"
+  # -- allowed domains to make post requests to the appstore
+  CSRF_DOMAINS: "https://*.renci.org,https://*.renci.unc.edu"
 
 oauth:
   # -- oauth providers separated by commas (google, github)