From 7bec359f268d860fb979f9b4d7e2bd4a581c696b Mon Sep 17 00:00:00 2001
From: Sean Morley
Date: Mon, 8 Jul 2024 15:31:02 -0400
Subject: [PATCH] chore: Update CORS and CSRF settings for demo purposes
---
 backend/server/demo/settings.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/backend/server/demo/settings.py b/backend/server/demo/settings.py
index bf774a7..c026b92 100644
--- a/backend/server/demo/settings.py
+++ b/backend/server/demo/settings.py
@@ -188,6 +188,17 @@ SWAGGER_SETTINGS = {
 # For demo purposes only. Use a white list in the real world.
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_ALLOW_ALL = False
+
+CORS_ALLOWED_ORIGINS = [
+ 'http://localhost:3000',
+ 'http://adventurelog.app',
+ 'https://api.adventurelog.app',
+]
+
+CSRF_TRUSTED_ORIGINS = [
+ 'https://api.adventurelog.app',
+ 'https://adventurelog.app',
+]
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
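Review bot: `CORS_ALLOWED_ORIGINS` lists the front end as `'http://adventurelog.app'`, while `CSRF_TRUSTED_ORIGINS` names the same host as `'https://adventurelog.app'`. As written, the HTTPS site is not an allowed CORS origin, but a page served over plain HTTP, which anyone on the network path can tamper with, is allowed. The entry should probably read `'https://adventurelog.app',`. The `'http://localhost:3000'` entry also ships in the deployed settings, so it is worth loading it only when a debug or environment flag is set. No `CORS_ALLOW_CREDENTIALS` setting is visible in this hunk, so how much an allowed origin can do with a user's session cannot be judged from here. The context comment above the block is now stale, since the code is an allowlist; it could read `# Explicit CORS/CSRF origin allowlist for the hosted demo.`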