Skip to content

Commit 2ac978d

Browse files
authored
Merge pull request #162 from FEWS-NET/HEA-738/Update-CORS-for-HEA
Add cors lib and related settings see HEA-738
2 parents e3d094b + b6f94a6 commit 2ac978d

2 files changed

Lines changed: 16 additions & 0 deletions

File tree

hea/settings/base.py

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@
108108
"django_extensions",
109109
"rest_framework_gis",
110110
"revproxy",
111+
"corsheaders",
111112
]
112113
PROJECT_APPS = ["common", "metadata", "baseline"]
113114
INSTALLED_APPS = EXTERNAL_APPS + PROJECT_APPS
@@ -116,6 +117,7 @@
116117
"django.middleware.gzip.GZipMiddleware",
117118
"django.middleware.security.SecurityMiddleware",
118119
"whitenoise.middleware.WhiteNoiseMiddleware",
120+
"corsheaders.middleware.CorsMiddleware",
119121
"django.contrib.sessions.middleware.SessionMiddleware",
120122
"django.middleware.locale.LocaleMiddleware",
121123
"common.middleware.language.LanguageMiddleware",
@@ -153,6 +155,19 @@
153155
"SEARCH_PARAM": "search",
154156
}
155157

158+
159+
########## CORS CONFIGURATION
160+
# See: https://github.com/ottoyiu/django-cors-headers
161+
CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS", default=[])
162+
CORS_ALLOWED_ORIGIN_REGEXES = env.list("CORS_ALLOWED_ORIGIN_REGEXES", default=[])
163+
# when CORS_ALLOW_CREDENTIALS is True, it is not allowed to use
164+
# the wildcard / CORS_ALLOW_ALL_ORIGINS
165+
CORS_ALLOW_ALL_ORIGINS = False if (CORS_ALLOWED_ORIGINS or CORS_ALLOWED_ORIGIN_REGEXES) else True
166+
CORS_ALLOW_CREDENTIALS = True if (CORS_ALLOWED_ORIGINS or CORS_ALLOWED_ORIGIN_REGEXES) else False
167+
168+
CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
169+
########## End CORS CONFIGURATION
170+
156171
ROOT_URLCONF = "hea.urls"
157172

158173
TEMPLATES = [

requirements/base.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ dagster-postgres==0.27.7
66
dagster-webserver==1.11.7
77
Django==5.2.6
88
django-binary-database-files==1.0.18
9+
django-cors-headers==4.9.0
910
django-environ==0.11.2
1011
django-extensions==3.2.3
1112
django-filter==23.5

0 commit comments

Comments
 (0)