Enable to set CSRF_TRUSTED_ORIGINS in debug mode

2 years ago · 170f0a1aab
2 changed files with 3 additions and 4 deletions
--- a/backend/config/settings/base.py
+++ b/backend/config/settings/base.py
@ -230,8 +230,9 @@ CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", [])
 ALLOWED_HOSTS = ["*"]

 if DEBUG:
-    CORS_ORIGIN_WHITELIST = ("http://127.0.0.1:3000", "http://0.0.0.0:3000", "http://localhost:3000")
-    CSRF_TRUSTED_ORIGINS = CORS_ORIGIN_WHITELIST
+    CORS_ORIGIN_ALLOW_ALL = True
+    CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:3000", "http://0.0.0.0:3000", "http://localhost:3000"]
+    CSRF_TRUSTED_ORIGINS += env.list("CSRF_TRUSTED_ORIGINS", [])

 # Batch size for importing data
 IMPORT_BATCH_SIZE = env.int("IMPORT_BATCH_SIZE", 1000)
--- a/backend/config/settings/development.py
+++ b/backend/config/settings/development.py
@ -1,8 +1,6 @@
 from .base import *  # noqa: F403

 MIDDLEWARE.append("api.middleware.RangesMiddleware")  # noqa: F405
-CORS_ORIGIN_WHITELIST = ("http://127.0.0.1:3000", "http://0.0.0.0:3000", "http://localhost:3000")
-CSRF_TRUSTED_ORIGINS = CORS_ORIGIN_WHITELIST
 # LOGGING = {
 #     'version': 1,
 #     'handlers': {