Skip to content

Commit

Permalink
Include the http scheme for CORS_ORIGIN_WHITELIST
Browse files Browse the repository at this point in the history 
django-cors-headers now requires them to be specified since version
3.0.0 [1].
The change is backwards compatible and works with the previous releases
of django-cors-headers.

[1]: https://github.com/ottoyiu/django-cors-headers/blob/master/HISTORY.rst#300-2019-05-10

Change-Id: Ie7d6170fc2e3952c4770e88bf58060df6239fbd7
  • Loading branch information
David Moreau Simard committed May 13, 2019
1 parent bb4e504 commit 7bfe2cc
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 47 deletions.
2 changes: 1 addition & 1 deletion ara/server/settings.py
View file
Expand Up @@ -71,7 +71,7 @@

# Django built-in server and npm development server
ALLOWED_HOSTS = settings.get("ALLOWED_HOSTS", ["::1", "127.0.0.1", "localhost"])
CORS_ORIGIN_WHITELIST = settings.get("CORS_ORIGIN_WHITELIST", ["127.0.0.1:8000", "localhost:3000"])
CORS_ORIGIN_WHITELIST = settings.get("CORS_ORIGIN_WHITELIST", ["http://127.0.0.1:8000", "http://localhost:3000"])
CORS_ORIGIN_ALLOW_ALL = settings.get("CORS_ORIGIN_ALLOW_ALL", False)

ADMINS = settings.get("ADMINS", ())
Expand Down
88 changes: 44 additions & 44 deletions doc/source/api-configuration.rst
View file
Expand Up @@ -19,45 +19,45 @@ Overview
This is a brief overview of the different configuration options for the API server.
For more details, click on the configuration parameters.

+--------------------------------+------------------------------------------------------+------------------------------------------+
| Environment Variable | Usage | default |
+================================+======================================================+==========================================+
| ARA_BASE_DIR_ | Default directory for storing data and configuration | ``~/.ara/server`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_SETTINGS_ | Path to an API server configuration file | ``None`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_ENV_ | Environment to load configuration for | ``default`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_READ_LOGIN_REQUIRED_ | Whether authentication is required for reading data | ``False`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_WRITE_LOGIN_REQUIRED_ | Whether authentication is required for writing data | ``False`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_ENV_ | Environment to load configuration for | ``development`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_LOG_LEVEL_ | Log level of the different components | ``INFO`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_LOGGING_ | Logging configuration | See ARA_LOGGING_ |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_CORS_ORIGIN_WHITELIST_ | django-cors-headers's CORS_ORIGIN_WHITELIST_ setting | ``["127.0.0.1:8000", "localhost:3000"]`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_ALLOWED_HOSTS_ | Django's ALLOWED_HOSTS_ setting | ``["127.0.0.1", "localhost", "::1"]`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DEBUG_ | Django's DEBUG_ setting | ``false`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_SECRET_KEY_ | Django's SECRET_KEY_ setting | Randomized token, see ARA_SECRET_KEY_ |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_ENGINE_ | Django's ENGINE_ database setting | ``django.db.backends.sqlite3`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_NAME_ | Django's NAME_ database setting | ``~/.ara/server/ansible.sqlite`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_USER_ | Django's USER_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_PASSWORD_ | Django's PASSWORD_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_HOST_ | Django's HOST_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
| ARA_DATABASE_PORT_ | Django's PORT_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+------------------------------------------+
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| Environment Variable | Usage | default |
+================================+======================================================+========================================================+
| ARA_BASE_DIR_ | Default directory for storing data and configuration | ``~/.ara/server`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_SETTINGS_ | Path to an API server configuration file | ``None`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_ENV_ | Environment to load configuration for | ``default`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_READ_LOGIN_REQUIRED_ | Whether authentication is required for reading data | ``False`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_WRITE_LOGIN_REQUIRED_ | Whether authentication is required for writing data | ``False`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_ENV_ | Environment to load configuration for | ``development`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_LOG_LEVEL_ | Log level of the different components | ``INFO`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_LOGGING_ | Logging configuration | See ARA_LOGGING_ |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_CORS_ORIGIN_WHITELIST_ | django-cors-headers's CORS_ORIGIN_WHITELIST_ setting | ``["http://127.0.0.1:8000", "http://localhost:3000"]`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_ALLOWED_HOSTS_ | Django's ALLOWED_HOSTS_ setting | ``["127.0.0.1", "localhost", "::1"]`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DEBUG_ | Django's DEBUG_ setting | ``false`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_SECRET_KEY_ | Django's SECRET_KEY_ setting | Randomized token, see ARA_SECRET_KEY_ |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_ENGINE_ | Django's ENGINE_ database setting | ``django.db.backends.sqlite3`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_NAME_ | Django's NAME_ database setting | ``~/.ara/server/ansible.sqlite`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_USER_ | Django's USER_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_PASSWORD_ | Django's PASSWORD_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_HOST_ | Django's HOST_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+
| ARA_DATABASE_PORT_ | Django's PORT_ database setting | ``None`` |
+--------------------------------+------------------------------------------------------+--------------------------------------------------------+

.. _CORS_ORIGIN_WHITELIST: https://github.com/ottoyiu/django-cors-headers
.. _STATIC_ROOT: https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-STATIC_ROOT
Expand Down Expand Up @@ -253,17 +253,17 @@ ARA_CORS_ORIGIN_WHITELIST
- **Default**: ``["127.0.0.1:8000", "localhost:3000"]``
- **Examples**:

- ``export ARA_CORS_ORIGIN_WHITELIST="['api.ara.example.org', 'web.ara.example.org']"``
- ``export ARA_CORS_ORIGIN_WHITELIST="['https://api.ara.example.org', 'https://web.ara.example.org']"``
- In a YAML configuration file::

dev:
CORS_ORIGIN_WHITELIST:
- 127.0.0.1:8000
- localhost:3000
- http://127.0.0.1:8000
- http://localhost:3000
production:
CORS_ORIGIN_WHITELIST:
- api.ara.example.org
- web.ara.example.org
- https://api.ara.example.org
- https://web.ara.example.org

Hosts in the whitelist for `Cross-Origin Resource Sharing <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`_.

Expand Down
4 changes: 2 additions & 2 deletions roles/ara_api/defaults/main.yaml
View file
Expand Up @@ -131,8 +131,8 @@ ara_api_cors_origin_allow_all: false

# ARA_CORS_ORIGIN_WHITELIST - django-cors-headers’s CORS_ORIGIN_WHITELIST setting
ara_api_cors_origin_whitelist:
- "127.0.0.1:8000"
- "localhost:3000"
- "http://127.0.0.1:8000"
- "http://localhost:3000"

# ARA_SERVER_ALLOWED_HOSTS - Django’s ALLOWED_HOSTS setting
ara_api_allowed_hosts:
Expand Down

0 comments on commit 7bfe2cc

Please sign in to comment.