Skip to content

Commit 381bef6

Browse files
committed
refactor: update CORS variable naming
Refs: KK-1463
1 parent 89d2927 commit 381bef6

3 files changed

Lines changed: 5 additions & 6 deletions

File tree

.env.example

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
SECRET_KEY=
2-
CORS_ORIGIN_ALLOW_ALL=1
32
APPLY_MIGRATIONS=1
43
ADD_DEFAULT_LANGUAGES=1
54
DEBUG=1
@@ -22,7 +21,7 @@ POSTGRES_DB=kukkuu
2221
SKIP_DATABASE_CHECK=0
2322
ALLOWED_HOSTS=*
2423
CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001,http://localhost:3002
25-
CORS_ORIGIN_ALLOW_ALL=True
24+
CORS_ALLOW_ALL_ORIGINS=True
2625
# For Keycloak test environment authentication service:
2726
TOKEN_AUTH_AUTHSERVER_URL=https://tunnistus.test.hel.ninja/auth/realms/helsinki-tunnistus
2827
# For local Tunnistamo authentication service:

kukkuu/settings.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@
5454
SENTRY_ENVIRONMENT=(str, ""),
5555
CORS_ALLOWED_ORIGINS=(list, []),
5656
CORS_ALLOWED_ORIGIN_REGEXES=(list, []),
57-
CORS_ORIGIN_ALLOW_ALL=(bool, False),
57+
CORS_ALLOW_ALL_ORIGINS=(bool, False),
5858
SOCIAL_AUTH_TUNNISTAMO_KEY=(str, ""),
5959
SOCIAL_AUTH_TUNNISTAMO_SECRET=(str, ""),
6060
SOCIAL_AUTH_TUNNISTAMO_OIDC_ENDPOINT=(str, ""),
@@ -329,7 +329,7 @@ def sentry_before_send(event: Event, hint: Hint):
329329

330330
CORS_ALLOWED_ORIGINS = env("CORS_ALLOWED_ORIGINS")
331331
CORS_ALLOWED_ORIGIN_REGEXES = env("CORS_ALLOWED_ORIGIN_REGEXES")
332-
CORS_ORIGIN_ALLOW_ALL = env("CORS_ORIGIN_ALLOW_ALL")
332+
CORS_ALLOW_ALL_ORIGINS = env("CORS_ALLOW_ALL_ORIGINS")
333333

334334
# Configure the default CSP rule for different source types
335335
CSP_DEFAULT_SRC = ["'self'"]

kukkuu/tests/test_cors.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ def test_cors_allowed_origin(settings, live_server, client: Client):
77
settings.CORS_ALLOWED_ORIGINS = [
88
live_server.url,
99
]
10-
settings.CORS_ORIGIN_ALLOW_ALL = False
10+
settings.CORS_ALLOW_ALL_ORIGINS = False
1111
response = client.get("/admin/login/", HTTP_ORIGIN=live_server.url)
1212
assert response.status_code == 200
1313
assert response["Access-Control-Allow-Origin"] == live_server.url
@@ -16,7 +16,7 @@ def test_cors_allowed_origin(settings, live_server, client: Client):
1616
@pytest.mark.django_db(transaction=True)
1717
def test_cors_disallowed_origin(settings, live_server, client: Client):
1818
settings.CORS_ALLOWED_ORIGINS = [live_server.url]
19-
settings.CORS_ORIGIN_ALLOW_ALL = False
19+
settings.CORS_ALLOW_ALL_ORIGINS = False
2020
response = client.get("/admin/login/", HTTP_ORIGIN="http://malicious.com")
2121
assert response.status_code == 200 # The request still succeeds...
2222
assert (

0 commit comments

Comments
 (0)