add CSRF and CORS settings

TBS093A 2020-07-25 00:35:56 +02:00
parent 6e61d83bbc
commit 1cb80a8322
3 changed files with 32 additions and 4 deletions


@ -1,5 +1,6 @@
pip install django pip install django
pip install django-cors-headers
pip install djangorestframework pip install djangorestframework
pip install django-filter pip install django-filter
pip install django-rest-enumfield pip install django-rest-enumfield


@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
""" """
import os import os
from corsheaders.defaults import default_headers, default_methods
# Build paths inside the project like this: os.path.join(BASE_DIR, ...) # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -19,6 +20,30 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production # Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
# SECURITY WARNING: CSRF Token for client used in production secret!
CSRF_HEADER_NAME = 'HTTP_X_XSRF_TOKEN'
CSRF_USE_SESSIONS = True
# SECURITY WARNING: CORS Settings
# CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = [
"http://localhost:8000"
]
CSRF_TRUSTED_ORIGINS = [
'localhost:8000'
]
CORS_ALLOW_HEADERS = list(default_headers) + [
'authorization'
'x-csrftoken',
]
CORS_ALLOW_METHODS = list(default_methods) + [
'GET',
'POST',
'PUT',
'PATCH',
'DELETE'
]
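Review bot: `CORS_ALLOW_HEADERS` in this hunk does not admit the header the same hunk configures: `CSRF_HEADER_NAME = 'HTTP_X_XSRF_TOKEN'` makes clients send `X-XSRF-TOKEN`, but the list adds `x-csrftoken` (which `default_headers` from django-cors-headers already contains, as it does `authorization`), and the missing comma after `'authorization'` makes Python concatenate the two strings into the single bogus entry `'authorizationx-csrftoken'`, so a cross-origin preflight carrying `X-XSRF-TOKEN` will be refused. Replace the two entries with `'x-xsrf-token',` and consider dropping the `CORS_ALLOW_METHODS` additions, since `default_methods` already lists every method named there. With `CSRF_USE_SESSIONS = True` the token is no longer exposed in the `csrftoken` cookie, so a frontend on another origin — presumably the reason for the CORS settings; verify — needs a view that hands the token out and must send the session cookie cross-origin, which additionally requires `CORS_ALLOW_CREDENTIALS = True`. As far as I recall, on the Django 3.x this file targets the host-only `CSRF_TRUSTED_ORIGINS` form is right but only consulted for HTTPS referer checks, while Django 4+ requires the scheme (`'http://localhost:8000'`), and both that and the hard-coded `CORS_ORIGIN_WHITELIST` value belong in environment-driven configuration next to `SECRET_KEY`. The comment `# SECURITY WARNING: CSRF Token for client used in production secret!` reads as a garbled copy of the SECRET_KEY warning and should say what the settings do, e.g. `# CSRF: token is read from the X-XSRF-TOKEN request header and kept in the session, not in a cookie`.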
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'm$*%jdbc!ig9@#9uga-z($v^f9jk_l($y*mrpzz^u@3fnr2q!a' SECRET_KEY = 'm$*%jdbc!ig9@#9uga-z($v^f9jk_l($y*mrpzz^u@3fnr2q!a'
@ -38,6 +63,7 @@ INSTALLED_APPS = [
'django.contrib.messages', 'django.contrib.messages',
'django.contrib.staticfiles', 'django.contrib.staticfiles',
'django_extensions', 'django_extensions',
'corsheaders',
'rest_framework', 'rest_framework',
'drf_yasg', 'drf_yasg',
'rest_framework.authtoken', 'rest_framework.authtoken',
@ -52,6 +78,7 @@ INSTALLED_APPS = [
MIDDLEWARE = [ MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
@ -162,7 +189,7 @@ SWAGGER_SETTINGS = {
# UML options # UML options
# GRAPH_MODELS = { GRAPH_MODELS = {
# 'all_applications': True, 'all_applications': True,
# 'group_models': True, 'group_models': True,
# } }