Merge pull request #252 from SchrodingersGat/cors

Added extra CORS options
This commit is contained in:
Oliver 2019-05-07 10:29:07 +10:00 committed by GitHub
commit 39672d4e23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions

View File

@ -31,6 +31,20 @@ DEBUG = True
ALLOWED_HOSTS = ['*']
CORS_ORIGIN_WHITELIST = [
"""
TODO - Implement a proper CORS whitelist strategy here.
- The CORS headers should be set per-application and not hard-coded into settings.py
- Provide an external settings.yaml file which defines extra options
- Then the site admin can adjust these without touching tracked files
"""
]
if DEBUG:
print("Warning: DEBUG mode is enabled, CORS requests are allowed for any domain")
CORS_ORIGIN_ALLOW_ALL = True
if DEBUG:
# will output to your console
logging.basicConfig(
@ -60,6 +74,7 @@ INSTALLED_APPS = [
'django_filters', # Extended filter functionality
'dbbackup', # Database backup / restore
'rest_framework', # DRF (Django Rest Framework)
'corsheaders', # Cross-origin Resource Sharing for DRF
'crispy_forms', # Improved form rendering
'import_export', # Import / export tables to file
'django_cleanup', # Automatically delete orphaned MEDIA files
@ -71,6 +86,7 @@ MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',

View File

@ -2,6 +2,7 @@ Django==2.2 # Django package
psycopg2>=2.8.1 # PostgreSQL package
pillow>=5.0.0 # Image manipulation
djangorestframework>=3.6.2 # DRF framework
django-cors-headers>=2.5.3 # CORS headers extension for DRF
django_filter>=1.0.2 # Extended filtering options
django-dbbackup==3.2.0 # Database backup / restore functionality
coreapi>=2.3.0 # API documentation