Merge "horizon: Allows setting Django's CSRF_TRUSTED_ORIGINS in helm values file"

horizon/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.3.24
+version: 0.3.25
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:

horizon/values.yaml

@@ -218,6 +218,7 @@ conf:
         show_openrc_file: "True"
         csrf_cookie_secure: "False"
         csrf_cookie_httponly: "False"
+        csrf_trusted_origins: []
         enforce_password_check: "True"
         # Set enable_pwd_validator to true to enforce password validator settings.
         enable_pwd_validator: false
@@ -313,6 +314,9 @@ conf:
 
         SESSION_COOKIE_HTTPONLY = {{ .Values.conf.horizon.local_settings.config.session_cookie_httponly }}
 
+        # https://docs.djangoproject.com/en/dev/ref/settings/#csrf-trusted-origins
+        CSRF_TRUSTED_ORIGINS = {{ .Values.conf.horizon.local_settings.config.csrf_trusted_origins }}
+
         # Overrides for OpenStack API versions. Use this setting to force the
         # OpenStack dashboard to use a specific API version for a given service API.
         # Versions specified here should be integers or floats, not strings.

releasenotes/notes/horizon.yaml

@@ -61,4 +61,5 @@ horizon:
   - 0.3.22 Align with 2024.1 requirements
   - 0.3.23 Use global wsgi subinterpreter
   - 0.3.24 Use base64 values for custom logo
+  - 0.3.25 Implement "CSRF_TRUSTED_ORIGINS" option support in horizon
 ...