From 7bfe2ccfbcff91a6d1ed2457a4a01af9d57d7702 Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Mon, 13 May 2019 10:58:52 -0400 Subject: [PATCH] Include the http scheme for CORS_ORIGIN_WHITELIST django-cors-headers now requires them to be specified since version 3.0.0 [1]. The change is backwards compatible and works with the previous releases of django-cors-headers. [1]: https://github.com/ottoyiu/django-cors-headers/blob/master/HISTORY.rst#300-2019-05-10 Change-Id: Ie7d6170fc2e3952c4770e88bf58060df6239fbd7 --- ara/server/settings.py | 2 +- doc/source/api-configuration.rst | 88 ++++++++++++++++---------------- roles/ara_api/defaults/main.yaml | 4 +- 3 files changed, 47 insertions(+), 47 deletions(-) diff --git a/ara/server/settings.py b/ara/server/settings.py index 50e18c5f..ea9a4355 100644 --- a/ara/server/settings.py +++ b/ara/server/settings.py @@ -71,7 +71,7 @@ logger.debug("Loaded logging configuration") # Django built-in server and npm development server ALLOWED_HOSTS = settings.get("ALLOWED_HOSTS", ["::1", "127.0.0.1", "localhost"]) -CORS_ORIGIN_WHITELIST = settings.get("CORS_ORIGIN_WHITELIST", ["127.0.0.1:8000", "localhost:3000"]) +CORS_ORIGIN_WHITELIST = settings.get("CORS_ORIGIN_WHITELIST", ["http://127.0.0.1:8000", "http://localhost:3000"]) CORS_ORIGIN_ALLOW_ALL = settings.get("CORS_ORIGIN_ALLOW_ALL", False) ADMINS = settings.get("ADMINS", ()) diff --git a/doc/source/api-configuration.rst b/doc/source/api-configuration.rst index 4003ffd3..a3ef7cb5 100644 --- a/doc/source/api-configuration.rst +++ b/doc/source/api-configuration.rst 
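Review bot: An operator-supplied `CORS_ORIGIN_WHITELIST` is still taken as-is by `settings.get(...)`; only the fallback list gains a scheme, so an existing configuration with entries such as `127.0.0.1:8000` will presumably be rejected or stop matching once django-cors-headers 3.0.0 is installed. A check right after the assignment would surface that at startup, e.g. `for origin in CORS_ORIGIN_WHITELIST:` followed by `if "://" not in origin: logger.warning("CORS origin %s is missing a scheme", origin)`. The commit message's claim that scheme-prefixed entries work with earlier releases is worth confirming against the oldest django-cors-headers version the project supports, since a release that compares only host and port would silently stop allowing these origins. The `**Default**` line under ARA_CORS_ORIGIN_WHITELIST in doc/source/api-configuration.rst still shows the scheme-less values. The rest of settings.py lies outside the hunk.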
@@ -19,45 +19,45 @@ Overview This is a brief overview of the different configuration options for the API server. For more details, click on the configuration parameters. -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| Environment Variable | Usage | default | -+================================+======================================================+==========================================+ -| ARA_BASE_DIR_ | Default directory for storing data and configuration | ``~/.ara/server`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_SETTINGS_ | Path to an API server configuration file | ``None`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_ENV_ | Environment to load configuration for | ``default`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_READ_LOGIN_REQUIRED_ | Whether authentication is required for reading data | ``False`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_WRITE_LOGIN_REQUIRED_ | Whether authentication is required for writing data | ``False`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_ENV_ | Environment to load configuration for | ``development`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_LOG_LEVEL_ | Log level of the different components | ``INFO`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| 
ARA_LOGGING_ | Logging configuration | See ARA_LOGGING_ | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_CORS_ORIGIN_WHITELIST_ | django-cors-headers's CORS_ORIGIN_WHITELIST_ setting | ``["127.0.0.1:8000", "localhost:3000"]`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_ALLOWED_HOSTS_ | Django's ALLOWED_HOSTS_ setting | ``["127.0.0.1", "localhost", "::1"]`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DEBUG_ | Django's DEBUG_ setting | ``false`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_SECRET_KEY_ | Django's SECRET_KEY_ setting | Randomized token, see ARA_SECRET_KEY_ | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_ENGINE_ | Django's ENGINE_ database setting | ``django.db.backends.sqlite3`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_NAME_ | Django's NAME_ database setting | ``~/.ara/server/ansible.sqlite`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_USER_ | Django's USER_ database setting | ``None`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_PASSWORD_ | Django's PASSWORD_ database setting | ``None`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_HOST_ | 
Django's HOST_ database setting | ``None`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ -| ARA_DATABASE_PORT_ | Django's PORT_ database setting | ``None`` | -+--------------------------------+------------------------------------------------------+------------------------------------------+ ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| Environment Variable | Usage | default | ++================================+======================================================+========================================================+ +| ARA_BASE_DIR_ | Default directory for storing data and configuration | ``~/.ara/server`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_SETTINGS_ | Path to an API server configuration file | ``None`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_ENV_ | Environment to load configuration for | ``default`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_READ_LOGIN_REQUIRED_ | Whether authentication is required for reading data | ``False`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_WRITE_LOGIN_REQUIRED_ | Whether authentication is required for writing data | ``False`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_ENV_ | Environment to load configuration for | ``development`` | 
++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_LOG_LEVEL_ | Log level of the different components | ``INFO`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_LOGGING_ | Logging configuration | See ARA_LOGGING_ | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_CORS_ORIGIN_WHITELIST_ | django-cors-headers's CORS_ORIGIN_WHITELIST_ setting | ``["http://127.0.0.1:8000", "http://localhost:3000"]`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_ALLOWED_HOSTS_ | Django's ALLOWED_HOSTS_ setting | ``["127.0.0.1", "localhost", "::1"]`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DEBUG_ | Django's DEBUG_ setting | ``false`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_SECRET_KEY_ | Django's SECRET_KEY_ setting | Randomized token, see ARA_SECRET_KEY_ | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_ENGINE_ | Django's ENGINE_ database setting | ``django.db.backends.sqlite3`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_NAME_ | Django's NAME_ database setting | ``~/.ara/server/ansible.sqlite`` | 
++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_USER_ | Django's USER_ database setting | ``None`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_PASSWORD_ | Django's PASSWORD_ database setting | ``None`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_HOST_ | Django's HOST_ database setting | ``None`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ +| ARA_DATABASE_PORT_ | Django's PORT_ database setting | ``None`` | ++--------------------------------+------------------------------------------------------+--------------------------------------------------------+ .. _CORS_ORIGIN_WHITELIST: https://github.com/ottoyiu/django-cors-headers .. _STATIC_ROOT: https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-STATIC_ROOT @@ -253,17 +253,17 @@ ARA_CORS_ORIGIN_WHITELIST - **Default**: ``["127.0.0.1:8000", "localhost:3000"]`` - **Examples**: - - ``export ARA_CORS_ORIGIN_WHITELIST="['api.ara.example.org', 'web.ara.example.org']"`` + - ``export ARA_CORS_ORIGIN_WHITELIST="['https://api.ara.example.org', 'https://web.ara.example.org']"`` - In a YAML configuration file:: dev: CORS_ORIGIN_WHITELIST: - - 127.0.0.1:8000 - - localhost:3000 + - http://127.0.0.1:8000 + - http://localhost:3000 production: CORS_ORIGIN_WHITELIST: - - api.ara.example.org - - web.ara.example.org + - https://api.ara.example.org + - https://web.ara.example.org Hosts in the whitelist for `Cross-Origin Resource Sharing `_. diff --git a/roles/ara_api/defaults/main.yaml b/roles/ara_api/defaults/main.yaml index f5f7d659..6d6945f6 100644 
--- a/roles/ara_api/defaults/main.yaml +++ b/roles/ara_api/defaults/main.yaml @@ -131,8 +131,8 @@ ara_api_cors_origin_allow_all: false # ARA_CORS_ORIGIN_WHITELIST - django-cors-headers’s CORS_ORIGIN_WHITELIST setting ara_api_cors_origin_whitelist: - - "127.0.0.1:8000" - - "localhost:3000" + - "http://127.0.0.1:8000" + - "http://localhost:3000" # ARA_SERVER_ALLOWED_HOSTS - Django’s ALLOWED_HOSTS setting ara_api_allowed_hosts:
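Review bot: The comment above `ara_api_cors_origin_whitelist` does not say that entries must now carry a scheme, so someone overriding the role default with the old `host:port` form gets no hint why CORS stops working. I would extend it with `# Entries must include the scheme, e.g. "https://web.ara.example.org"; an http:// entry does not cover the https:// origin.` The `http://` loopback defaults suit a development setup only, and a deployment served over TLS needs its `https://` origins listed explicitly.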