Skip to content

Commit 75b150d

Browse files
committed
refactor: update CORS variable naming
Refs: PT-1940
1 parent c3e849e commit 75b150d

3 files changed

Lines changed: 5 additions & 6 deletions

File tree

.env.example

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ POSTGRES_DB=kultus
4545
SKIP_DATABASE_CHECK=0
4646
ALLOWED_HOSTS=*
4747
CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001,http://localhost:3002
48-
CORS_ORIGIN_ALLOW_ALL=True
48+
CORS_ALLOW_ALL_ORIGINS=True
4949
TOKEN_AUTH_BROWSER_TEST_ENABLED=1
5050
TOKEN_AUTH_BROWSER_TEST_JWT_256BIT_SIGN_SECRET=your-256-bit-secret
5151
TOKEN_AUTH_BROWSER_TEST_JWT_ISSUER=https://kultus-ui.test.hel.ninja,https://kultus-admin-ui.test.hel.ninja

palvelutarjotin/settings.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@
4949
SENTRY_ENVIRONMENT=(str, ""),
5050
CORS_ALLOWED_ORIGINS=(list, []),
5151
CORS_ALLOWED_ORIGIN_REGEXES=(list, []),
52-
CORS_ORIGIN_ALLOW_ALL=(bool, False),
52+
CORS_ALLOW_ALL_ORIGINS=(bool, False),
5353
TOKEN_AUTH_ACCEPTED_SCOPE_PREFIX=(str, ""),
5454
TOKEN_AUTH_REQUIRE_SCOPE_PREFIX=(bool, False),
5555
TOKEN_AUTH_ACCEPTED_AUDIENCE=(list, ["kultus-api-dev"]),
@@ -268,8 +268,7 @@
268268

269269
CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
270270
CORS_ALLOWED_ORIGIN_REGEXES = env.list("CORS_ALLOWED_ORIGIN_REGEXES")
271-
CORS_ORIGIN_ALLOW_ALL = env.bool("CORS_ORIGIN_ALLOW_ALL")
272-
271+
CORS_ALLOW_ALL_ORIGINS = env.bool("CORS_ALLOW_ALL_ORIGINS")
273272

274273
# Configure the default CSP rule for different source types
275274
CSP_DEFAULT_SRC = [CSP.SELF]

palvelutarjotin/tests/test_cors.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ def test_cors_allowed_origin(settings, live_server, client: Client):
77
settings.CORS_ALLOWED_ORIGINS = [
88
live_server.url,
99
]
10-
settings.CORS_ORIGIN_ALLOW_ALL = False
10+
settings.CORS_ALLOW_ALL_ORIGINS = False
1111
response = client.get("/admin/login/", HTTP_ORIGIN=live_server.url)
1212
assert response.status_code == 200
1313
assert response["Access-Control-Allow-Origin"] == live_server.url
@@ -16,7 +16,7 @@ def test_cors_allowed_origin(settings, live_server, client: Client):
1616
@pytest.mark.django_db(transaction=True)
1717
def test_cors_disallowed_origin(settings, live_server, client: Client):
1818
settings.CORS_ALLOWED_ORIGINS = [live_server.url]
19-
settings.CORS_ORIGIN_ALLOW_ALL = False
19+
settings.CORS_ALLOW_ALL_ORIGINS = False
2020
response = client.get("/admin/login/", HTTP_ORIGIN="http://malicious.com")
2121
assert response.status_code == 200 # The request still succeeds...
2222
assert (

0 commit comments

Comments
 (0)