Merge remote-tracking branch 'inventree/master'

2024-08-30 18:33:04 +00:00 · 2019-05-07 10:30:07 +10:00 · 2019-05-07 10:30:07 +10:00 · 0c229ede24
commit 0c229ede24
parent 64a6ee0f3b 39672d4e23
2 changed files with 17 additions and 0 deletions
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -31,6 +31,20 @@ DEBUG = True

 ALLOWED_HOSTS = ['*']

+CORS_ORIGIN_WHITELIST = [
+    """
+    TODO - Implement a proper CORS whitelist strategy here.
+
+    - The CORS headers should be set per-application and not hard-coded into settings.py
+    - Provide an external settings.yaml file which defines extra options
+    - Then the site admin can adjust these without touching tracked files
+    """
+]
+
+if DEBUG:
+    print("Warning: DEBUG mode is enabled, CORS requests are allowed for any domain")
+    CORS_ORIGIN_ALLOW_ALL = True
+
 if DEBUG:
    # will output to your console
    logging.basicConfig(
@ -60,6 +74,7 @@ INSTALLED_APPS = [
    'django_filters',       # Extended filter functionality
    'dbbackup',             # Database backup / restore
    'rest_framework',       # DRF (Django Rest Framework)
+    'corsheaders',         # Cross-origin Resource Sharing for DRF
    'crispy_forms',         # Improved form rendering
    'import_export',        # Import / export tables to file
    'django_cleanup',       # Automatically delete orphaned MEDIA files
@ -71,6 +86,7 @@ MIDDLEWARE = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
--- a/requirements.txt
+++ b/requirements.txt
@ -2,6 +2,7 @@ Django==2.2                     # Django package
 psycopg2>=2.8.1                 # PostgreSQL package 
 pillow>=5.0.0                   # Image manipulation
 djangorestframework>=3.6.2      # DRF framework
+django-cors-headers>=2.5.3      # CORS headers extension for DRF
 django_filter>=1.0.2            # Extended filtering options
 django-dbbackup==3.2.0          # Database backup / restore functionality
 coreapi>=2.3.0                  # API documentation