Merge pull request #419 from grant-project/cors-var
Give CORS setting its own env var
This commit is contained in:
commit
426b397b3d
|
@ -9,6 +9,8 @@ SENDGRID_API_KEY="optional, but emails won't send without it"
|
|||
|
||||
# set this so third-party cookie blocking doesn't kill backend sessions (production)
|
||||
# SESSION_COOKIE_DOMAIN="zfnd.org"
|
||||
# Limit CORS to these domains, no spaces in seperators. Defaults to '*'.
|
||||
# CORS_DOMAINS="domain.com,domain2.com"
|
||||
|
||||
# SENTRY_DSN="https://PUBLICKEY@sentry.io/PROJECTID"
|
||||
# SENTRY_RELEASE="optional, provides sentry logging with release info"
|
||||
|
|
|
@ -12,7 +12,7 @@ from sentry_sdk.integrations.flask import FlaskIntegration
|
|||
from sentry_sdk.integrations.logging import LoggingIntegration
|
||||
from grant import commands, proposal, user, comment, milestone, admin, email, blockchain, task, rfp, e2e
|
||||
from grant.extensions import bcrypt, migrate, db, ma, security, limiter
|
||||
from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, SESSION_COOKIE_DOMAIN
|
||||
from grant.settings import SENTRY_RELEASE, ENV, E2E_TESTING, DEBUG, CORS_DOMAINS
|
||||
from grant.utils.auth import AuthException, handle_auth_error, get_authed_user
|
||||
from grant.utils.exceptions import ValidationException
|
||||
|
||||
|
@ -121,7 +121,7 @@ def register_extensions(app):
|
|||
security.init_app(app, datastore=user_datastore, register_blueprint=False)
|
||||
|
||||
# supports_credentials for session cookies, on cookie domains (if set)
|
||||
origins = [SESSION_COOKIE_DOMAIN] if SESSION_COOKIE_DOMAIN else '*'
|
||||
origins = CORS_DOMAINS.split(',')
|
||||
CORS(app, supports_credentials=True, expose_headers='X-Grantio-Authed', origins=origins)
|
||||
SSLify(app)
|
||||
return None
|
||||
|
|
|
@ -29,6 +29,7 @@ SQLALCHEMY_TRACK_MODIFICATIONS = False
|
|||
|
||||
# so backend session cookies are first-party
|
||||
SESSION_COOKIE_DOMAIN = env.str('SESSION_COOKIE_DOMAIN', default=None)
|
||||
CORS_DOMAINS = env.str('CORS_DOMAINS', default='*')
|
||||
|
||||
SENDGRID_API_KEY = env.str("SENDGRID_API_KEY", default="")
|
||||
SENDGRID_DEFAULT_FROM = "noreply@grants.zfnd.org"
|
||||
|
|
Loading…
Reference in New Issue