Commit afbb4b2

🩹(backend) default CORS_ALLOW_ALL_ORIGINS to False
The setting CORS_ALLOW_ALL_ORIGINS was set to True by default. This error is inherited from an old mistake made back in the days while working on the initial impress demo. This is not something we want, this should be only allowed in development. We change the value in all the manifests in order to have the desired behavior in non-development environments.
1 parent db63ebd commit afbb4b2

2 files changed

+2
-2
lines changed

docs/env.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ These are the environment variables you can set for the `impress-backend` contai
4040
| DJANGO_EMAIL_USE_TLS | use tls for email host connection | false |
4141
| DJANGO_EMAIL_USE_SSL | use sstl for email host connection | false |
4242
| DJANGO_EMAIL_FROM | email address used as sender | [email protected] |
43-
| DJANGO_CORS_ALLOW_ALL_ORIGINS | allow all CORS origins | true |
43+
| DJANGO_CORS_ALLOW_ALL_ORIGINS | allow all CORS origins | false |
4444
| DJANGO_CORS_ALLOWED_ORIGINS | list of origins allowed for CORS | [] |
4545
| DJANGO_CORS_ALLOWED_ORIGIN_REGEXES | list of origins allowed for CORS using regulair expressions | [] |
4646
| SENTRY_DSN | sentry host | |
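Review bot: The updated `DJANGO_CORS_ALLOW_ALL_ORIGINS` row does not tell operators what they now have to configure. With the default at `false` and both `DJANGO_CORS_ALLOWED_ORIGINS` and `DJANGO_CORS_ALLOWED_ORIGIN_REGEXES` defaulting to `[]`, a deployment that sets none of the three has no origin allowed for CORS. Suggest extending the description to something like "allow all CORS origins (development only; otherwise list origins in DJANGO_CORS_ALLOWED_ORIGINS)" so the upgrade path is visible in the table. Minor, while this block is being touched: "sstl" and "regulair" in the neighbouring rows are typos.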

src/backend/impress/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -396,7 +396,7 @@ class Base(Configuration):
396396

397397
# CORS
398398
CORS_ALLOW_CREDENTIALS = True
399-
CORS_ALLOW_ALL_ORIGINS = values.BooleanValue(True)
399+
CORS_ALLOW_ALL_ORIGINS = values.BooleanValue(False)
400400
CORS_ALLOWED_ORIGINS = values.ListValue([])
401401
CORS_ALLOWED_ORIGIN_REGEXES = values.ListValue([])
402402
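Review bot: `CORS_ALLOW_CREDENTIALS = True` on line 398 stays hard-coded in `Base`, while `CORS_ALLOW_ALL_ORIGINS` on line 399 remains overridable through `values.BooleanValue`, so an environment that sets the variable back to true still ends up with every origin allowed together with credentialed requests. The new default fixes the out-of-the-box case but nothing guards the combination. Suggest either enabling allow-all only in the development configuration class instead of exposing it on `Base`, or adding a startup check that rejects allow-all together with credentials outside development. Also, the commit message mentions changing the manifests, but only `docs/env.md` and `settings.py` appear in this diff; worth confirming no manifest still sets the variable to true.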
