mirror of
https://github.com/inventree/InvenTree
synced 2024-08-30 18:33:04 +00:00
In debug mode, allow CORS from localhost origins (#6650)
* In debug mode, allow CORS from localhost origins - Should allow more reliable connection from the vite frontend dev server * Allow regex pattern to be specified externally * Update docs
This commit is contained in:
parent
e1f606e64f
commit
0f89e21611
@ -1022,7 +1022,7 @@ CORS_ALLOW_CREDENTIALS = get_boolean_setting(
|
|||||||
default_value=True,
|
default_value=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
# Only allow CORS access to API and media endpoints
|
# Only allow CORS access to the following URL endpoints
|
||||||
CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
|
CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
|
||||||
|
|
||||||
CORS_ALLOWED_ORIGINS = get_setting(
|
CORS_ALLOWED_ORIGINS = get_setting(
|
||||||
@ -1036,6 +1036,18 @@ CORS_ALLOWED_ORIGINS = get_setting(
|
|||||||
if SITE_URL and SITE_URL not in CORS_ALLOWED_ORIGINS:
|
if SITE_URL and SITE_URL not in CORS_ALLOWED_ORIGINS:
|
||||||
CORS_ALLOWED_ORIGINS.append(SITE_URL)
|
CORS_ALLOWED_ORIGINS.append(SITE_URL)
|
||||||
|
|
||||||
|
CORS_ALLOWED_ORIGIN_REGEXES = get_setting(
|
||||||
|
'INVENTREE_CORS_ORIGIN_REGEX',
|
||||||
|
config_key='cors.regex',
|
||||||
|
default_value=[],
|
||||||
|
typecast=list,
|
||||||
|
)
|
||||||
|
|
||||||
|
# In debug mode allow CORS requests from localhost
|
||||||
|
# This allows connection from the frontend development server
|
||||||
|
if DEBUG:
|
||||||
|
CORS_ALLOWED_ORIGIN_REGEXES.append(r'^http://localhost:\d+$')
|
||||||
|
|
||||||
for app in SOCIAL_BACKENDS:
|
for app in SOCIAL_BACKENDS:
|
||||||
# Ensure that the app starts with 'allauth.socialaccount.providers'
|
# Ensure that the app starts with 'allauth.socialaccount.providers'
|
||||||
social_prefix = 'allauth.socialaccount.providers.'
|
social_prefix = 'allauth.socialaccount.providers.'
|
||||||
|
@ -81,6 +81,7 @@ Depending on how your InvenTree installation is configured, you will need to pay
|
|||||||
| INVENTREE_TRUSTED_ORIGINS | trusted_origins | List of trusted origins. Refer to the [django documentation]({% include "django.html" %}/ref/settings/#csrf-trusted-origins) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
| INVENTREE_TRUSTED_ORIGINS | trusted_origins | List of trusted origins. Refer to the [django documentation]({% include "django.html" %}/ref/settings/#csrf-trusted-origins) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
||||||
| INVENTREE_CORS_ORIGIN_ALLOW_ALL | cors.allow_all | Allow all remote URLS for CORS checks | False |
|
| INVENTREE_CORS_ORIGIN_ALLOW_ALL | cors.allow_all | Allow all remote URLS for CORS checks | False |
|
||||||
| INVENTREE_CORS_ORIGIN_WHITELIST | cors.whitelist | List of whitelisted CORS URLs. Refer to the [django-cors-headers documentation](https://github.com/adamchainz/django-cors-headers#cors_allowed_origins-sequencestr) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
| INVENTREE_CORS_ORIGIN_WHITELIST | cors.whitelist | List of whitelisted CORS URLs. Refer to the [django-cors-headers documentation](https://github.com/adamchainz/django-cors-headers#cors_allowed_origins-sequencestr) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
||||||
|
| INVENTREE_CORS_ORIGIN_REGEX | cors.regex | List of regular expressions for CORS whitelisted URL patterns | *Empty list* |
|
||||||
| INVENTREE_USE_X_FORWARDED_HOST | use_x_forwarded_host | Use forwarded host header | False |
|
| INVENTREE_USE_X_FORWARDED_HOST | use_x_forwarded_host | Use forwarded host header | False |
|
||||||
| INVENTREE_USE_X_FORWARDED_PORT | use_x_forwarded_port | Use forwarded port header | False |
|
| INVENTREE_USE_X_FORWARDED_PORT | use_x_forwarded_port | Use forwarded port header | False |
|
||||||
| INVENTREE_CORS_ALLOW_CREDENTIALS | cors.allow_credentials | Allow cookies in cross-site requests | True |
|
| INVENTREE_CORS_ALLOW_CREDENTIALS | cors.allow_credentials | Allow cookies in cross-site requests | True |
|
||||||
|
Loading…
Reference in New Issue
Block a user