fix: flask changed from APP_ALLOWED_HOSTS to TRUSTED_HOSTS

inveniosoftware · Feb 24, 2025 · 12b3147 · 12b3147
1 parent 9ce258b
commit 12b3147
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/invenio_rest/csrf.py b/invenio_rest/csrf.py
@@ -167,7 +167,7 @@ def csrf_validate():
             return _abort400(REASON_INSECURE_REFERER)
 
         is_hostname_allowed = referer.hostname in current_app.config.get(
-            "APP_ALLOWED_HOSTS"
+            "TRUSTED_HOSTS"
         )
         if not is_hostname_allowed:
             reason = REASON_BAD_REFERER % referer.geturl()

diff --git a/tests/test_csrf.py b/tests/test_csrf.py
@@ -381,7 +381,7 @@ def test_csrf_bad_referer(csrf_app, csrf):
 
         cookie = client.get_cookie(CSRF_COOKIE_NAME)
 
-        csrf_app.config["APP_ALLOWED_HOSTS"] = ["allowed-referer"]
+        csrf_app.config["TRUSTED_HOSTS"] = ["allowed-referer"]
         not_allowed_referer = "https://not-allowed-referer"
         res = client.post(
             "/csrf-protected",