mirror of
https://github.com/inventree/InvenTree
synced 2024-08-30 18:33:04 +00:00
Default site (#6503)
* Allow simpler setting for CSRF_TRUSTED_ORIGINS and CORS_ALLOWED_ORIGINS - If these are not specified by the user, but a SITE_URL *is* specified, then use that * Update docs * Update config.md Remove outdated notes
This commit is contained in:
Oliver
GitHub
parent
e88defd026
commit
7681cd2c44
@ -120,61 +120,6 @@ STATIC_ROOT = config.get_static_dir()
|
||||
# The filesystem location for uploaded meadia files
|
||||
MEDIA_ROOT = config.get_media_dir()
|
||||
|
||||
# List of allowed hosts (default = allow all)
|
||||
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#allowed-hosts
|
||||
ALLOWED_HOSTS = get_setting(
|
||||
'INVENTREE_ALLOWED_HOSTS',
|
||||
config_key='allowed_hosts',
|
||||
default_value=['*'],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
# List of trusted origins for unsafe requests
|
||||
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
|
||||
CSRF_TRUSTED_ORIGINS = get_setting(
|
||||
'INVENTREE_TRUSTED_ORIGINS',
|
||||
config_key='trusted_origins',
|
||||
default_value=[],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
USE_X_FORWARDED_HOST = get_boolean_setting(
|
||||
'INVENTREE_USE_X_FORWARDED_HOST',
|
||||
config_key='use_x_forwarded_host',
|
||||
default_value=False,
|
||||
)
|
||||
|
||||
USE_X_FORWARDED_PORT = get_boolean_setting(
|
||||
'INVENTREE_USE_X_FORWARDED_PORT',
|
||||
config_key='use_x_forwarded_port',
|
||||
default_value=False,
|
||||
)
|
||||
|
||||
# Cross Origin Resource Sharing (CORS) options
|
||||
# Refer to the django-cors-headers documentation for more information
|
||||
# Ref: https://github.com/adamchainz/django-cors-headers
|
||||
|
||||
# Extract CORS options from configuration file
|
||||
CORS_ALLOW_ALL_ORIGINS = get_boolean_setting(
|
||||
'INVENTREE_CORS_ORIGIN_ALLOW_ALL', config_key='cors.allow_all', default_value=DEBUG
|
||||
)
|
||||
|
||||
CORS_ALLOW_CREDENTIALS = get_boolean_setting(
|
||||
'INVENTREE_CORS_ALLOW_CREDENTIALS',
|
||||
config_key='cors.allow_credentials',
|
||||
default_value=True,
|
||||
)
|
||||
|
||||
# Only allow CORS access to API and media endpoints
|
||||
CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
|
||||
|
||||
CORS_ALLOWED_ORIGINS = get_setting(
|
||||
'INVENTREE_CORS_ORIGIN_WHITELIST',
|
||||
config_key='cors.whitelist',
|
||||
default_value=[],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
# Needed for the parts importer, directly impacts the maximum parts that can be uploaded
|
||||
DATA_UPLOAD_MAX_NUMBER_FIELDS = 10000
|
||||
|
||||
@ -1024,6 +969,69 @@ SOCIAL_BACKENDS = get_setting(
|
||||
if not SITE_MULTI:
|
||||
INSTALLED_APPS.remove('django.contrib.sites')
|
||||
|
||||
# List of allowed hosts (default = allow all)
|
||||
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#allowed-hosts
|
||||
ALLOWED_HOSTS = get_setting(
|
||||
'INVENTREE_ALLOWED_HOSTS',
|
||||
config_key='allowed_hosts',
|
||||
default_value=['*'],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
# List of trusted origins for unsafe requests
|
||||
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
|
||||
CSRF_TRUSTED_ORIGINS = get_setting(
|
||||
'INVENTREE_TRUSTED_ORIGINS',
|
||||
config_key='trusted_origins',
|
||||
default_value=[],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
# If a list of trusted is not specified, but a site URL has been specified, use that
|
||||
if SITE_URL and len(CSRF_TRUSTED_ORIGINS) == 0:
|
||||
CSRF_TRUSTED_ORIGINS.append(SITE_URL)
|
||||
|
||||
USE_X_FORWARDED_HOST = get_boolean_setting(
|
||||
'INVENTREE_USE_X_FORWARDED_HOST',
|
||||
config_key='use_x_forwarded_host',
|
||||
default_value=False,
|
||||
)
|
||||
|
||||
USE_X_FORWARDED_PORT = get_boolean_setting(
|
||||
'INVENTREE_USE_X_FORWARDED_PORT',
|
||||
config_key='use_x_forwarded_port',
|
||||
default_value=False,
|
||||
)
|
||||
|
||||
# Cross Origin Resource Sharing (CORS) options
|
||||
# Refer to the django-cors-headers documentation for more information
|
||||
# Ref: https://github.com/adamchainz/django-cors-headers
|
||||
|
||||
# Extract CORS options from configuration file
|
||||
CORS_ALLOW_ALL_ORIGINS = get_boolean_setting(
|
||||
'INVENTREE_CORS_ORIGIN_ALLOW_ALL', config_key='cors.allow_all', default_value=DEBUG
|
||||
)
|
||||
|
||||
CORS_ALLOW_CREDENTIALS = get_boolean_setting(
|
||||
'INVENTREE_CORS_ALLOW_CREDENTIALS',
|
||||
config_key='cors.allow_credentials',
|
||||
default_value=True,
|
||||
)
|
||||
|
||||
# Only allow CORS access to API and media endpoints
|
||||
CORS_URLS_REGEX = r'^/(api|media|static)/.*$'
|
||||
|
||||
CORS_ALLOWED_ORIGINS = get_setting(
|
||||
'INVENTREE_CORS_ORIGIN_WHITELIST',
|
||||
config_key='cors.whitelist',
|
||||
default_value=[],
|
||||
typecast=list,
|
||||
)
|
||||
|
||||
# If no CORS origins are specified, but a site URL has been specified, use that
|
||||
if SITE_URL and len(CORS_ALLOWED_ORIGINS) == 0:
|
||||
CORS_ALLOWED_ORIGINS.append(SITE_URL)
|
||||
|
||||
for app in SOCIAL_BACKENDS:
|
||||
# Ensure that the app starts with 'allauth.socialaccount.providers'
|
||||
social_prefix = 'allauth.socialaccount.providers.'
|
||||
|
||||
@ -209,24 +209,19 @@ Depending on how your InvenTree installation is configured, you will need to pay
|
||||
!!! info "Environment Variables"
|
||||
Note that a provided environment variable will override the value provided in the configuration file.
|
||||
|
||||
!!! success "INVENTREE_SITE_URL"
|
||||
If you have specified the `INVENTREE_SITE_URL`, this will automatically be used as a trusted CSRF and CORS host (see below).
|
||||
|
||||
| Environment Variable | Configuration File | Description | Default |
|
||||
| --- | --- | --- | --- |
|
||||
| INVENTREE_ALLOWED_HOSTS | allowed_hosts | List of allowed hosts | `*` |
|
||||
| INVENTREE_TRUSTED_ORIGINS | trusted_origins | List of trusted origins | *Empty list* |
|
||||
| INVENTREE_TRUSTED_ORIGINS | trusted_origins | List of trusted origins. Refer to the [django documentation](https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
||||
| INVENTREE_CORS_ORIGIN_ALLOW_ALL | cors.allow_all | Allow all remote URLS for CORS checks | False |
|
||||
| INVENTREE_CORS_ORIGIN_WHITELIST | cors.whitelist | List of whitelisted CORS URLs. Refer to the [django-cors-headers documentation](https://github.com/adamchainz/django-cors-headers#cors_allowed_origins-sequencestr) | Uses the *INVENTREE_SITE_URL* parameter, if set. Otherwise, an empty list. |
|
||||
| INVENTREE_USE_X_FORWARDED_HOST | use_x_forwarded_host | Use forwarded host header | False |
|
||||
| INVENTREE_USE_X_FORWARDED_PORT | use_x_forwarded_port | Use forwarded port header | False |
|
||||
| INVENTREE_CORS_ORIGIN_ALLOW_ALL | cors.allow_all | Allow all remote URLS for CORS checks | False |
|
||||
| INVENTREE_CORS_ORIGIN_WHITELIST | cors.whitelist | List of whitelisted CORS URLs | *Empty list* |
|
||||
| INVENTREE_CORS_ALLOW_CREDENTIALS | cors.allow_credentials | Allow cookies in cross-site requests | True |
|
||||
|
||||
!!! info "Configuration File"
|
||||
Allowed hosts and CORS options must be changed in the configuration file, and cannot be set via environment variables
|
||||
|
||||
For further information, refer to the following documentation:
|
||||
|
||||
* [Django ALLOWED_HOSTS](https://docs.djangoproject.com/en/2.2/ref/settings/#allowed-hosts)
|
||||
* [Django CORS headers](https://github.com/OttoYiu/django-cors-headers)
|
||||
|
||||
## File Storage Locations
|
||||
|
||||
InvenTree requires some external directories for storing files:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user