diff --git a/.env.default b/.env.default
index cb3f63a28a91d132bc62c5d2a14f4758b420ce57..aa39b7349e5ce3be0159b40df68c509441d1ab20 100644
--- a/.env.default
+++ b/.env.default
@@ -31,3 +31,4 @@ export SAMPLE_REPORT_URL=
 export DJANGO_SETTINGS_MODULE=
 export DEBUG=
 export ALLOWED_HOSTS=
+export CORS_ORIGIN_WHITELIST=
diff --git a/ebdjango/settings.py b/ebdjango/settings.py
index 23fdb08ccd4c4f7f6ab68ef3fa02003c3664a729..58600055443f30525250be23ebede35f8dbef527 100644
--- a/ebdjango/settings.py
+++ b/ebdjango/settings.py
@@ -11,6 +11,8 @@ https://docs.djangoproject.com/en/1.10/ref/settings/
 """
 import os
+from corsheaders.defaults import default_headers
+from decouple import config, Csv
 SETTINGS_PATH = os.path.dirname(os.path.dirname(__file__))
@@ -38,6 +40,13 @@ if os.environ['ENVIRONMENT'] == 'local':
 ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', 'localhost').split(',')
+if os.environ['ENVIRONMENT'] == 'local':
+ CORS_ORIGIN_ALLOW_ALL = True
+ CORS_REPLACE_HTTPS_REFERER = True
+else:
+ CORS_ORIGIN_ALLOW_ALL = False
+ CORS_ORIGIN_WHITELIST = config('CORS_ORIGIN_WHITELIST', cast=Csv())
+ CORS_REPLACE_HTTPS_REFERER = True
 # Application definition
 INSTALLED_APPS = [
@@ -62,8 +71,9 @@ INSTALLED_APPS = [
 ]
 MIDDLEWARE = [
- 'django.middleware.csrf.CsrfViewMiddleware',
 'corsheaders.middleware.CorsMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'corsheaders.middleware.CorsPostCsrfMiddleware',
 'django.middleware.common.CommonMiddleware',
 'ebdjango.middleware.BasicAuthMiddleware',
 'django.middleware.security.SecurityMiddleware',
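Review bot: `default_headers` is imported in the first ebdjango/settings.py hunk, but nothing in the hunks shown uses it and no `CORS_ALLOW_HEADERS` setting is added. If it is not referenced elsewhere in the file, keep only `from decouple import config, Csv`. The new code also reads `CORS_ORIGIN_WHITELIST` through decouple while the neighbouring `ALLOWED_HOSTS` line uses `os.environ.get`; a short comment on why the two differ would help the next reader.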
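Review bot: `CORS_REPLACE_HTTPS_REFERER = True` is set in both branches of the new CORS block in ebdjango/settings.py, which makes CorsMiddleware rewrite the Referer of secure cross-origin requests so the Referer part of Django's CSRF check passes for every allowed origin. In the `local` branch it sits next to `CORS_ORIGIN_ALLOW_ALL = True`, so that check is relaxed for any origin whenever `ENVIRONMENT` is `local`, including a deployed host that has the variable set wrongly. The file header links the Django 1.10 docs, and django-cors-headers documents this setting as superseded by Django's own `CSRF_TRUSTED_ORIGINS` from 1.9 on. Assuming that version, prefer `CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())` and drop both `CORS_REPLACE_HTTPS_REFERER` lines, along with the `CorsPostCsrfMiddleware` entry added in the MIDDLEWARE hunk.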
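Review bot: The new order in `MIDDLEWARE` is load-bearing but nothing in the list says so. The Referer rewrite only takes effect with `CorsMiddleware` ahead of `CsrfViewMiddleware` and `CorsPostCsrfMiddleware` after it. Add a comment above the three entries, for example `# Order matters: CorsMiddleware -> CsrfViewMiddleware -> CorsPostCsrfMiddleware`, so a later reshuffle does not silently change CSRF behaviour. The `MIDDLEWARE` list continues outside the hunk.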