From 8847c351c10170e5598bcca570ea421f36006035 Mon Sep 17 00:00:00 2001
From: Olivier DOSSMANN
Date: Thu, 7 Sep 2017 18:27:10 +0200
Subject: [PATCH] =?UTF-8?q?Activation=20de=20CORS=20pour=20l'acc=C3=A8s=20?= =?UTF-8?q?=C3=A0=20l'API=20:?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* accès total en mode développement
* accès restreint à l'URL /api en mode production
---
 CHANGELOG | 1 +
 collection/collection/components/api.py | 9 +++++++++
 collection/collection/components/common.py | 2 ++
 collection/collection/environments/development.py | 4 +++-
 collection/collection/environments/production.py | 3 +++
 collection/collection/settings.py | 2 +-
 requirements.txt | 1 +
 7 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 5069231..520fadd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 Current version (0.2) :
+ - Activation des requêtes CORS pour permettre à une autre application d'accéder à l'API
 - MàJ vers Django 1.11.5
 - Activation d'une API (pour les consoles) accessible par l'administrateur (avec documentation)
 - Ajout d'une page d'accueil listant les jeux vidéos en cours, la liste complète et les 5 dernières activités sur ces derniers triées par date
diff --git a/collection/collection/components/api.py b/collection/collection/components/api.py
index 8c99e41..b867f61 100644
--- a/collection/collection/components/api.py
+++ b/collection/collection/components/api.py
@@ -6,3 +6,12 @@ REST_FRAMEWORK = {
 'TEST_REQUEST_DEFAULT_FORMAT': 'json',
 'UNICODE_JSON': True,
 }
+
+# CORS
+CORS_ORIGIN_ALLOW_ALL = False # disallow all website for cross site requests
+
+# Authorized website for cross site requests
+CORS_ORIGIN_WHITELIST = (
+ 'localhost:8000',
+ '127.0.0.1:8000'
+)
diff --git a/collection/collection/components/common.py b/collection/collection/components/common.py
index 4d4eb25..55c8e0e 100644
--- a/collection/collection/components/common.py
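Review bot: `CORS_ORIGIN_WHITELIST` in collection/collection/components/api.py is a base setting, so production inherits `localhost:8000` and `127.0.0.1:8000` as its only allowed origins; the production.py hunk adds `CORS_URLS_REGEX` but no whitelist of its own. Assuming the environment file is loaded after the components (the order in settings.py suggests so), a real client application would be refused in production, while a page served from a visitor's own localhost:8000 would be accepted. I would move the loopback entries to development.py and have production.py read its origins from the environment, for example `CORS_ORIGIN_WHITELIST = tuple(filter(None, os.getenv('CORS_ORIGIN_WHITELIST', '').split(',')))`. A comment above the tuple saying that entries are `host[:port]` without a scheme for the pinned django-cors-headers version would save the next maintainer a lookup.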
+++ b/collection/collection/components/common.py
@@ -27,6 +27,7 @@ INSTALLED_APPS = [
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
+ 'corsheaders',
 'core',
 'games.apps.GamesConfig',
 ]
@@ -35,6 +36,7 @@ MIDDLEWARE = [
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
diff --git a/collection/collection/environments/development.py b/collection/collection/environments/development.py
index 8ecbabf..94e20e4 100644
--- a/collection/collection/environments/development.py
+++ b/collection/collection/environments/development.py
@@ -7,5 +7,7 @@ SECRET_KEY = 'tqma23#v!#ecse_gz_u(1oa6+x%1uyi718an9%nefqhi$0q_eg'
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
+# CORS: allow all site to make cross site requests
+CORS_ORIGIN_ALLOW_ALL = True
diff --git a/collection/collection/environments/production.py b/collection/collection/environments/production.py
index e56ce98..bf7c1a3 100644
--- a/collection/collection/environments/production.py
+++ b/collection/collection/environments/production.py
@@ -14,3 +14,6 @@ ALLOWED_HOSTS = [os.getenv('ALLOWED_HOSTS', '*')]
 # - if you use a proxy like Nginx, you need to add this line into config:
 # `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
 USE_X_FORWARDED_HOST = True
+
+# CORS: as we only need to acces API, a regular expression is enough
+CORS_URLS_REGEX = r'^/api/.*$'
diff --git a/collection/collection/settings.py b/collection/collection/settings.py
index 1f5ade1..e573678 100644
--- a/collection/collection/settings.py
+++ b/collection/collection/settings.py
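Review bot: In the `MIDDLEWARE` hunk of common.py, `'corsheaders.middleware.CorsMiddleware'` is placed after `SecurityMiddleware`, `SessionMiddleware` and `LocaleMiddleware`, whereas django-cors-headers asks for it to sit as high as possible, ahead of any middleware that can produce a response. It is correctly before `CommonMiddleware`, but a response generated earlier in the chain (for example an HTTPS redirect from `SecurityMiddleware`, if `SECURE_SSL_REDIRECT` is ever enabled; that setting is not visible here) would go out without CORS headers and a preflight request would fail. I would make `'corsheaders.middleware.CorsMiddleware',` the first entry of the list, with a comment such as `# must stay first so every response, including redirects, gets CORS headers`. The list continues past the end of the hunk.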
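Review bot: The change of `ALLOWED_HOSTS` from `[]` to `['*']` in development.py is not required for CORS and turns off Host header validation; with `DEBUG = True` an empty list already accepts localhost, 127.0.0.1 and [::1]. Host validation is the check that protects a local development server from DNS rebinding, and the same hunk sets `CORS_ORIGIN_ALLOW_ALL = True`, so two browser-facing restrictions are relaxed together. I would keep `ALLOWED_HOSTS = []`, or list the specific development hostnames if the server is reached under another name. A comment next to `CORS_ORIGIN_ALLOW_ALL = True` stating that it must never be copied into production.py would also be worth adding.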
@@ -18,7 +18,7 @@ base_settings = [
 'components/common.py', # standard django settings
 'components/database.py', # SQLite 3
 'components/i18n.py', # Internationalisation and localization
- 'components/api.py', # API (django rest framework)
+ 'components/api.py', # API (django rest framework) + CORS
 # Select the right env:
 'environments/%s.py' % ENV,
diff --git a/requirements.txt b/requirements.txt
index a72a824..a996ae2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ PyYAML==3.12
 uWSGI==2.0.15
 djangorestframework==3.6.4
 coreapi==2.3.1
+django-cors-headers==2.1.0