
Added: 'Access-Control-Allow-Credentials' = 'true' middleware And updated settings app order.

master
Elwin Buisman 6 months ago
parent
commit
7b17084de6
  1. 5
      VRE/VRE/env.example
  2. 36
      VRE/VRE/settings.py
  3. 13
      VRE/lib/utils/middleware.py

5
VRE/VRE/env.example

@ -7,10 +7,13 @@ SECRET_KEY=@wb=#(f4uc0l%e!5*eo+aoflnxb(@!l9!=c5w=4b+x$=!8&vy%' @@ -7,10 +7,13 @@ SECRET_KEY=@wb=#(f4uc0l%e!5*eo+aoflnxb(@!l9!=c5w=4b+x$=!8&vy%'
DEBUG=False
DEBUG_TOOLBAR=False
# Allowed hosts that Django does server. Use comma separated list Take care when NGINX is proxying in front of Django
# Allowed hosts that Django does server. Use comma separated list. Take care when NGINX is proxying in front of Django
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS=127.0.0.1,localhost
# CORS Headers setup, use comma separated list. Make sure not to use a wildcard.
CORS_ALLOWED_ORIGINS=http://localhost:8000,http://localhost:3000
# All internal IPS for Django. Use comma separated list
# https://docs.djangoproject.com/en/dev/ref/settings/#internal-ips
INTERNAL_IPS=127.0.0.1
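Review bot: The comment above `CORS_ALLOWED_ORIGINS` says not to use a wildcard but not why, and the reason matters more now that this commit makes every response carry `Access-Control-Allow-Credentials: true`. Each origin listed here can make cross-origin requests that include the user's session cookie, so the list is effectively a trust list. I would spell that out, e.g. `# Origins listed here may send credentialed (cookie/session) requests to the API; list exact scheme://host:port values only, never a wildcard.` The settings.py section of this commit appears to drop the default for this variable, so the example should also say it is required.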

36
VRE/VRE/settings.py

@ -37,14 +37,6 @@ ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1', cast=Csv( @@ -37,14 +37,6 @@ ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='localhost,127.0.0.1', cast=Csv(
# We load the application in steps, based on which are available on disk
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'mozilla_django_oidc',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'apps.api',
'apps.dropoff',
@ -58,13 +50,19 @@ INSTALLED_APPS = [ @@ -58,13 +50,19 @@ INSTALLED_APPS = [
'apps.virtual_machine.providers.openstack',
'apps.vre_apps',
'djoser',
'corsheaders',
'rest_framework',
'drf_yasg',
'hawkrest',
'mozilla_django_oidc',
'djoser',
'huey.contrib.djhuey',
'corsheaders',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
]
if DEBUG and DEBUG_TOOLBAR:
@ -72,6 +70,7 @@ if DEBUG and DEBUG_TOOLBAR: @@ -72,6 +70,7 @@ if DEBUG and DEBUG_TOOLBAR:
INSTALLED_APPS.append('debug_toolbar')
MIDDLEWARE = [
'lib.utils.middleware.CustomCorsMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
@ -246,7 +245,7 @@ OIDC_OP_JWKS_ENDPOINT = config('OIDC_OP_JWKS_ENDPOINT') @@ -246,7 +245,7 @@ OIDC_OP_JWKS_ENDPOINT = config('OIDC_OP_JWKS_ENDPOINT')
# LOGIN_REDIRECT_URL = config('LOGIN_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))
# LOGOUT_REDIRECT_URL = config('LOGOUT_REDIRECT_URL', default=(reverse_lazy('test-login-surfconext') if DEBUG else '/'))
LOGIN_REDIRECT_URL = '/'
LOGIN_REDIRECT_URL = 'http://localhost:3000/'
LOGOUT_REDIRECT_URL = '/'
# Email settings for sending out upload invitations.
@ -279,18 +278,15 @@ DROPOFF_UPLOAD_HOST = config('DROPOFF_UPLOAD_HOST', default='http://localhost:10 @@ -279,18 +278,15 @@ DROPOFF_UPLOAD_HOST = config('DROPOFF_UPLOAD_HOST', default='http://localhost:10
DROPOFF_NOT_ALLOWED_EXTENSIONS = config('DROPOFF_NOT_ALLOWED_EXTENSIONS', default='exe,com,bat,lnk,sh', cast=Csv())
# CORS Headers setup
CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', default='http://0.0.0.0:8000,http://localhost:8000,http://127.0.0.1:8000', cast=Csv())
# This will overrule the allowed origins setting above when set to True
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=False, cast=bool)
if DEBUG:
# Force all domains by default in Debug mode..
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOWED_ORIGINS = config('CORS_ALLOWED_ORIGINS', cast=Csv())
CORS_ALLOW_METHODS = config('CORS_ALLOW_METHODS', default='DELETE,GET,OPTIONS,PATCH,POST,PUT', cast=Csv())
CORS_ALLOW_HEADERS = config('CORS_ALLOW_HEADERS', default='accept,accept-encoding,authorization,content-type,dnt,origin,user-agent,x-csrftoken,x-requested-with', cast=Csv())
CORS_EXPOSE_HEADERS = CORS_ALLOW_HEADERS
ACCESS_CONTROL_ALLOW_CREDENTIALS = True
# CORS_EXPOSE_HEADERS = [
# 'Access-Control-Allow-Credentials: true',
# ]
# Sentry settings
SENTRY_DSN = config('SENTRY_DSN', None)
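Review bot: `LOGIN_REDIRECT_URL = 'http://localhost:3000/'` hard-codes a development front-end address, and from the doubled line in the -246/+245 hunk it appears to be the new value replacing `'/'`. In a deployed instance a successful OIDC login would then send the browser to the user's own machine over plain HTTP instead of back to the application. The commented-out lines just above already show the intended pattern; `LOGIN_REDIRECT_URL = config('LOGIN_REDIRECT_URL', default='/')` keeps the front-end URL in the environment file, and the development value can be documented in env.example.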

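--- a/VRE/lib/utils/middleware.py
+++ b/VRE/lib/utils/middleware.py
@@ -0,0 +1,13 @@
+class CustomCorsMiddleware:
+def __init__(self, get_response):
+self.get_response = get_response
+# One-time configuration and initialization.
+def __call__(self, request):
+# Code to be executed for each request before
+# the view (and later middleware) are called.
+response = self.get_response(request)
+response['Access-Control-Allow-Credentials'] = 'true'
+return response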
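Review bot: `CustomCorsMiddleware.__call__` sets `Access-Control-Allow-Credentials: true` on every response, including same-origin requests and requests whose `Origin` is not in `CORS_ALLOWED_ORIGINS`. The header therefore no longer follows the allow-list decision made by `corsheaders.middleware.CorsMiddleware`. Browsers still require a matching `Access-Control-Allow-Origin`, but any later loosening of the origin settings would immediately become a credentialed cross-origin grant. django-cors-headers has its own switch for this: `CORS_ALLOW_CREDENTIALS = True` in settings.py emits the header only for allowed origins, so this class and its `MIDDLEWARE` entry could be dropped. The `ACCESS_CONTROL_ALLOW_CREDENTIALS = True` line in settings.py does not look like a name that package reads, so it should be confirmed or replaced with that setting.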