mirror of
https://github.com/inventree/InvenTree
synced 2024-08-30 18:33:04 +00:00
Allowed hosts and CORS hosts now moved to the config file
This commit is contained in:
parent
b941a4115f
commit
820d8da2ef
@ -38,14 +38,24 @@ SECRET_KEY = key_file.read().strip()
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = CONFIG.get('debug', True)
|
||||
|
||||
ALLOWED_HOSTS = ['*']
|
||||
# List of allowed hosts (default = allow all)
|
||||
ALLOWED_HOSTS = CONFIG.get('allowed_hosts', ['*'])
|
||||
|
||||
CORS_ORIGIN_WHITELIST = [
|
||||
]
|
||||
# Cross Origin Resource Sharing (CORS) options
|
||||
|
||||
if DEBUG:
|
||||
print("Warning: DEBUG mode is enabled, CORS requests are allowed for any domain")
|
||||
CORS_ORIGIN_ALLOW_ALL = True
|
||||
# Only allow CORS access to API
|
||||
CORS_URLS_REGEX = r'^/api/.*$'
|
||||
|
||||
# Extract CORS options from configuration file
|
||||
cors_opt = CONFIG.get('cors', None)
|
||||
|
||||
if cors_opt:
|
||||
CORS_ORIGIN_ALLOW_ALL = cors_opt.get('allow_all', False)
|
||||
|
||||
if CORS_ORIGIN_ALLOW_ALL:
|
||||
print("Warning: DEBUG mode is enabled, CORS requests are allowed for any domain")
|
||||
else:
|
||||
CORS_ORIGIN_WHITELIST = cors_opt.get('whitelist', [])
|
||||
|
||||
if DEBUG:
|
||||
# will output to your console
|
||||
|
@ -16,5 +16,22 @@ database:
|
||||
# Set debug to False to run in production mode
|
||||
debug: True
|
||||
|
||||
# Allowed hosts (see ALLOWED_HOSTS in Django settings documentation)
|
||||
# A list of strings representing the host/domain names that this Django site can serve.
|
||||
# Default behaviour is to allow all hosts (THIS IS NOT SECURE!)
|
||||
allowed_hosts:
|
||||
- '*'
|
||||
|
||||
# Cross Origin Resource Sharing (CORS) settings (see https://github.com/ottoyiu/django-cors-headers)
|
||||
# Following parameters are
|
||||
cors:
|
||||
# CORS_ORIGIN_ALLOW_ALL - If True, the whitelist will not be used and all origins will be accepted. Defaults to False.
|
||||
allow_all: False
|
||||
|
||||
# CORS_ORIGIN_WHITELIST - A list of origins that are authorized to make cross-site HTTP requests. Defaults to []
|
||||
# whitelist:
|
||||
# - https://example.com
|
||||
# - https://sub.example.com
|
||||
|
||||
# Logging options
|
||||
log_queries: False
|
Loading…
Reference in New Issue
Block a user