Merge pull request #419 from grant-project/cors-var

Give CORS setting its own env var
William O'Beirne 2019-04-04 21:34:22 -04:00 committed by GitHub
commit 426b397b3d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 2 deletions


@ -9,6 +9,8 @@ SENDGRID_API_KEY="optional, but emails won't send without it"
# set this so third-party cookie blocking doesn't kill backend sessions (production) # set this so third-party cookie blocking doesn't kill backend sessions (production)
# SESSION_COOKIE_DOMAIN="zfnd.org" # SESSION_COOKIE_DOMAIN="zfnd.org"
# Limit CORS to these domains, no spaces in seperators. Defaults to '*'.
# CORS_DOMAINS="domain.com,domain2.com"
# SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID" # SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
# SENTRY_RELEASE="optional, provides sentry logging with release info" # SENTRY_RELEASE="optional, provides sentry logging with release info"
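Review bot: The example value lists bare hostnames, but browsers send `Origin` as scheme plus host (and port), and Flask-CORS appears to compare plain strings for equality, so `domain.com` would likely never match a real request. An example with full origins is safer to copy: `# CORS_DOMAINS="https://domain.com,https://domain2.com"`. The comment could also state that the `'*'` default is intended for development only, because the app enables credentialed CORS.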


@ -12,7 +12,7 @@ from sentry_sdk.integrations.flask import FlaskIntegration
from sentry_sdk.integrations.logging import LoggingIntegration from sentry_sdk.integrations.logging import LoggingIntegration
from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e
from grant.extensions import bcrypt, migrate, db, ma, security, limiter from grant.extensions import bcrypt, migrate, db, ma, security, limiter
from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, SESSION_COOKIE_DOMAIN from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, CORS_DOMAINS
from grant.utils.auth import AuthException, handle_auth_error, get_authed_user from grant.utils.auth import AuthException, handle_auth_error, get_authed_user
from grant.utils.exceptions import ValidationException from grant.utils.exceptions import ValidationException
@ -121,7 +121,7 @@ def register_extensions(app):
security.init_app(app, datastore=user_datastore, register_blueprint=False) security.init_app(app, datastore=user_datastore, register_blueprint=False)
# supports_credentials for session cookies, on cookie domains (if set) # supports_credentials for session cookies, on cookie domains (if set)
origins = [SESSION_COOKIE_DOMAIN] if SESSION_COOKIE_DOMAIN else '*' origins = CORS_DOMAINS.split(',')
CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins) CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins)
SSLify(app) SSLify(app)
return None return None
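Review bot: `CORS_DOMAINS.split(',')` in `register_extensions` keeps surrounding whitespace and empty entries, so a value like `"a.example, b.example"` or one with a trailing comma produces origins that can never match, and a legitimate frontend is blocked with no error at startup. Normalising the list fixes that: `origins = [o.strip() for o in CORS_DOMAINS.split(',') if o.strip()]`. The comment above the assignment still says the origins follow the cookie domain, which is no longer true; `# supports_credentials for session cookies; allowed origins come from CORS_DOMAINS` would match the new code. The function body starts outside the hunk.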


@ -29,6 +29,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
# so backend session cookies are first-party # so backend session cookies are first-party
SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None) SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
CORS_DOMAINS = env.str('CORS_DOMAINS', default='*')
SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="") SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org" SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org"
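Review bot: The `'*'` default on `CORS_DOMAINS` means an installation that sets `SESSION_COOKIE_DOMAIN` but not the new variable goes from one allowed origin to all origins on upgrade, while the app still passes `supports_credentials=True`. Flask-CORS by default answers a wildcard configuration by echoing the request's `Origin`, so, if that holds for the version pinned here, responses to cookie-authenticated requests become readable from any site. Keeping the previous behaviour as the fallback avoids the silent widening: `CORS_DOMAINS = env.str('CORS_DOMAINS', default=SESSION_COOKIE_DOMAIN or '*')`. A production start-up check that rejects `'*'` would make the setting fail closed.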