From 1bb80548d20042d3fb347a3b533728111a8d46dd Mon Sep 17 00:00:00 2001 From: Solo Date: Thu, 16 Aug 2018 21:29:03 +0800 Subject: [PATCH] Refs feedback: - fix requirements.txt - change static CORS regex into configurable tuple list --- paperless.conf.example | 5 +++++ requirements.txt | 2 +- src/paperless/settings.py | 8 ++++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/paperless.conf.example b/paperless.conf.example index 3d90b2915..8aa33216f 100644 --- a/paperless.conf.example +++ b/paperless.conf.example @@ -89,6 +89,11 @@ PAPERLESS_EMAIL_SECRET="" # as is "example.com,www.example.com", but NOT " example.com" or "example.com," #PAPERLESS_ALLOWED_HOSTS="example.com,www.example.com" +# If you decide to use Paperless APIs in an ajax calls, you need to add your +# servers to the allowed hosts that can do CORS calls. By default Paperless allows +# calls from localhost:8080. The same rules as above how the list should look like. +#PAPERLESS_CORS_ALLOWED_HOSTS="localhost:8080,example.com,localhost:8000" + # To host paperless under a subpath url like example.com/paperless you set # this value to /paperless. No trailing slash! # diff --git a/requirements.txt b/requirements.txt index 81dcbb6d5..125a89ac7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,7 @@ chardet==3.0.4 coverage==4.5.1 coveralls==1.3.0 dateparser==0.7.0 -django-cors-headers=2.4.0 +django-cors-headers==2.4.0 django-crispy-forms==1.7.2 django-extensions==2.0.7 django-filter==1.1.0 diff --git a/src/paperless/settings.py b/src/paperless/settings.py index ed79adade..cd157c180 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -94,8 +94,12 @@ MIDDLEWARE_CLASSES = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] -# We allow CORS from localhosts -CORS_ORIGIN_REGEX_WHITELIST = (r'^(https?:\/\/)?localhost(:[0-9]{4})?$', ) +# We allow CORS from localhost:8080 +CORS_ORIGIN_WHITELIST = ("localhost:8080") +_allowed_cors_hosts = os.getenv("PAPERLESS_CORS_ALLOWED_HOSTS") +if _allowed_cors_hosts: + CORS_ORIGIN_WHITELIST = tuple(_allowed_cors_hosts.split(",")) + # If auth is disabled, we just use our "bypass" authentication middleware if bool(os.getenv("PAPERLESS_DISABLE_LOGIN", "false").lower() in ("yes", "y", "1", "t", "true")):