From 05f96ef4b82df1764556758f4afdf8e17b58d9e1 Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Wed, 11 Mar 2026 15:21:14 +0100 Subject: [PATCH 1/2] fix csrf and domain_name when the instance is behind multiple different domain names --- src/settings/base.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/settings/base.py b/src/settings/base.py index ed5b978d7..127b17eb8 100644 --- a/src/settings/base.py +++ b/src/settings/base.py @@ -19,15 +19,21 @@ csrf_https_domain = "https://" + os.environ.get("DOMAIN_NAME").split(':')[0] csrf_http_domain = "http://" + os.environ.get("DOMAIN_NAME").split(':')[0] -CSRF_TRUSTED_ORIGINS = [csrf_https_domain, csrf_http_domain] -CSRF_ALLOWED_ORIGINS = [csrf_https_domain, csrf_http_domain] +if os.environ.get("EXTERNAL_DOMAIN_NAME", "") != "": + csrf_https_external_domain = "https://" + os.environ.get("EXTERNAL_DOMAIN_NAME", "").split(':')[0] + csrf_http_external_domain = "http://" + os.environ.get("EXTERNAL_DOMAIN_NAME", "").split(':')[0] + CSRF_TRUSTED_ORIGINS = [csrf_https_domain, csrf_http_domain, csrf_https_external_domain, csrf_http_external_domain] + CSRF_ALLOWED_ORIGINS = [csrf_https_domain, csrf_http_domain, csrf_https_external_domain, csrf_http_external_domain] -SITE_ID = 1 + DOMAIN_NAME = os.environ.get('EXTERNAL_DOMAIN_NAME').split(':')[0] +else: + CSRF_TRUSTED_ORIGINS = [csrf_https_domain, csrf_http_domain] + CSRF_ALLOWED_ORIGINS = [csrf_https_domain, csrf_http_domain] -SITE_DOMAIN = os.environ.get('SITE_DOMAIN', 'http://localhost') -DOMAIN_NAME = os.environ.get('DOMAIN_NAME', 'localhost').split(':')[0] + DOMAIN_NAME = os.environ.get('DOMAIN_NAME', 'localhost').split(':')[0] -SELENIUM_HOSTNAME = os.environ.get("SELENIUM_HOSTNAME", "localhost") +SITE_DOMAIN = os.environ.get('SITE_DOMAIN', 'http://localhost') +SITE_ID = 1 THIRD_PARTY_APPS = ( From d87143a880fdf42f72a0b99fd2e524882ff936a9 Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Wed, 11 Mar 2026 15:32:14 +0100 Subject: [PATCH 2/2] add some documentation about multiple domains --- .../How-to-deploy-Codabench-on-your-server.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/documentation/docs/Developers_and_Administrators/How-to-deploy-Codabench-on-your-server.md b/documentation/docs/Developers_and_Administrators/How-to-deploy-Codabench-on-your-server.md index fb2895b7d..aa11532d4 100644 --- a/documentation/docs/Developers_and_Administrators/How-to-deploy-Codabench-on-your-server.md +++ b/documentation/docs/Developers_and_Administrators/How-to-deploy-Codabench-on-your-server.md @@ -439,4 +439,7 @@ Caddyfile : path /{$AWS_STORAGE_BUCKET_NAME}* /{$AWS_STORAGE_PRIVATE_BUCKET_NAME}* } reverse_proxy @min_bucket minio:{$MINIO_PORT} -``` \ No newline at end of file +``` + +## Codabench Instance behind a reverse proxy +If you put your instance behind a reverse proxy and want that proxy to contact the instance via http or https, your `DOMAIN_NAME` might not be reachable from the outside. In this case, you can set `DOMAIN_NAME` as your internal domain name, used by the reverse proxy, and `EXTERNAL_DOMAIN_NAME` as the domain name that is known on external networks (like the internet). \ No newline at end of file