Merge pull request #419 from grant-project/cors-var
Give CORS setting its own env var
commit
426b397b3d
|
@ -9,6 +9,8 @@ SENDGRID_API_KEY="optional, but emails won't send without it"
|
||||||
|
|
||||||
# set this so third-party cookie blocking doesn't kill backend sessions (production)
|
# set this so third-party cookie blocking doesn't kill backend sessions (production)
|
||||||
# SESSION_COOKIE_DOMAIN="zfnd.org"
|
# SESSION_COOKIE_DOMAIN="zfnd.org"
|
||||||
|
# Limit CORS to these domains, no spaces in seperators. Defaults to '*'.
|
||||||
|
# CORS_DOMAINS="domain.com,domain2.com"
|
||||||
|
|
||||||
# SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
|
# SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
|
||||||
# SENTRY_RELEASE="optional, provides sentry logging with release info"
|
# SENTRY_RELEASE="optional, provides sentry logging with release info"
|
||||||
|
|
|
@ -12,7 +12,7 @@ from sentry_sdk.integrations.flask import FlaskIntegration
|
||||||
from sentry_sdk.integrations.logging import LoggingIntegration
|
from sentry_sdk.integrations.logging import LoggingIntegration
|
||||||
from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e
|
from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e
|
||||||
from grant.extensions import bcrypt, migrate, db, ma, security, limiter
|
from grant.extensions import bcrypt, migrate, db, ma, security, limiter
|
||||||
from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, SESSION_COOKIE_DOMAIN
|
from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, CORS_DOMAINS
|
||||||
from grant.utils.auth import AuthException, handle_auth_error, get_authed_user
|
from grant.utils.auth import AuthException, handle_auth_error, get_authed_user
|
||||||
from grant.utils.exceptions import ValidationException
|
from grant.utils.exceptions import ValidationException
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ def register_extensions(app):
|
||||||
security.init_app(app, datastore=user_datastore, register_blueprint=False)
|
security.init_app(app, datastore=user_datastore, register_blueprint=False)
|
||||||
|
|
||||||
# supports_credentials for session cookies, on cookie domains (if set)
|
# supports_credentials for session cookies, on cookie domains (if set)
|
||||||
origins = [SESSION_COOKIE_DOMAIN] if SESSION_COOKIE_DOMAIN else '*'
|
origins = CORS_DOMAINS.split(',')
|
||||||
CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins)
|
CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins)
|
||||||
SSLify(app)
|
SSLify(app)
|
||||||
return None
|
return None
|
||||||
|
|
|
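Review bot: In `register_extensions`, `origins = CORS_DOMAINS.split(',')` becomes `['*']` whenever the new variable is unset, while `supports_credentials=True` stays on. The old line narrowed origins whenever SESSION_COOKIE_DOMAIN was set, so a deployment that sets only that variable is silently widened to every origin on upgrade. Flask-CORS appears to answer a wildcard match by echoing the request's Origin unless configured otherwise (worth confirming for the pinned version), which would let any site make cookie-bearing requests to the API. Consider failing closed at startup when `ENV` indicates production and `'*' in origins`, and update the comment above, which still says "on cookie domains (if set)", to name CORS_DOMAINS. The function body starts outside the hunk.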
@ -29,6 +29,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||||
|
|
||||||
# so backend session cookies are first-party
|
# so backend session cookies are first-party
|
||||||
SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
|
SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
|
||||||
|
CORS_DOMAINS = env.str('CORS_DOMAINS', default='*')
|
||||||
|
|
||||||
SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
|
SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
|
||||||
SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org"
|
SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org"
|
||||||
|
|
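Review bot: `CORS_DOMAINS` is stored as a raw string and later split on `,` without trimming, so a value such as `"domain.com, domain2.com"` or one with a trailing comma yields entries like `' domain2.com'` or `''` that are unlikely to match any Origin. The allow-list then fails silently instead of loudly. Normalising once where the setting is read would avoid that, e.g. `CORS_DOMAINS = [d.strip() for d in env.str('CORS_DOMAINS', default='*').split(',') if d.strip()]`, with the consumer in `register_extensions` passing the list straight through. A short comment on this line stating that `'*'` combined with credentialed CORS is meant for development only would also help operators.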