FIX SOME SETTINGS WITH CORS AND CSRF TOKEN

basilelt · Jun 22, 2024 · 278f7e5 · 278f7e5
1 parent b7a6269
commit 278f7e5
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 18 deletions.
diff --git a/Django_Frontend/monprojet/monprojet/settings.py b/Django_Frontend/monprojet/monprojet/settings.py
@@ -39,12 +39,12 @@
 SECRET_KEY = get_random_secret_key()
 
 # SECURITY WARNING: don't run with debug turned on in production!
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     DEBUG = True
 else:
     DEBUG = False
 
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     ALLOWED_HOSTS = ['*']
 else:
     ALLOWED_HOSTS = [os.getenv('DOMAIN'), 'django-frontend']
@@ -72,10 +72,18 @@
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
-if ENVIRONMENT != 'development':
-    CSRF_TRUSTED_ORIGINS = ["https://" + os.getenv('DOMAIN'), 'http://django_frontend']
+if ENVIRONMENT != 'production':
+    CSRF_TRUSTED_ORIGINS = [
+        "https://" + os.getenv('DOMAIN'), 
+        'http://django-frontend',
+        'http://localhost:8000',
+        'http://127.0.0.1:8000',
+        ]
 else:
-    CSRF_TRUSTED_ORIGINS = ['*']
+    CSRF_TRUSTED_ORIGINS = [
+        "https://" + os.getenv('DOMAIN'), 
+        'http://django-frontend',
+        ]
 
 ROOT_URLCONF = 'monprojet.urls'
 
@@ -95,15 +103,15 @@
     },
 ]
 
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     WSGI_APPLICATION = 'monprojet.wsgi.application'
 else:
     ASGI_APPLICATION = 'monprojet.asgi.application'
 
 # Database
 # https://docs.djangoproject.com/en/5.0/ref/settings/#databases
 
-if ENVIRONMENT == 'test' or ENVIRONMENT == 'production':
+if ENVIRONMENT != 'development':
     # Use PostgreSQL for production
     DATABASES = {
         'default': {

diff --git a/Django_api/airline/airline/settings.py b/Django_api/airline/airline/settings.py
@@ -31,12 +31,12 @@
 SECRET_KEY = get_random_secret_key()
 
 # SECURITY WARNING: don't run with debug turned on in production!
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     DEBUG = True
 else:
     DEBUG = False
 
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     ALLOWED_HOSTS = ['*']
 else:
     ALLOWED_HOSTS = [os.getenv('DOMAIN'), 'django-api']
@@ -66,10 +66,21 @@
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
-if ENVIRONMENT != 'development':
-    CSRF_TRUSTED_ORIGINS = ["https://api." + os.getenv('DOMAIN'), 'http://django-api']
+if ENVIRONMENT != 'production':
+    CSRF_TRUSTED_ORIGINS = [
+        "https://api" + os.getenv('DOMAIN'), 
+        'http://django-api',
+        'http://localhost:8000',
+        'http://127.0.0.1:8000',
+        'http://localhost:8010',
+        'http://127.0.0.1:8010',
+        ]
 else:
-    CSRF_TRUSTED_ORIGINS = ['*']
+    CSRF_TRUSTED_ORIGINS = [
+        "https://api" + os.getenv('DOMAIN'), 
+        'http://django-api',
+        ]
+
 
 ROOT_URLCONF = 'airline.urls'
 
@@ -89,7 +100,7 @@
     },
 ]
 
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
+if ENVIRONMENT != 'production':
     WSGI_APPLICATION = 'airline.wsgi.application'
 else:
     ASGI_APPLICATION = 'airline.asgi.application'
@@ -98,7 +109,7 @@
 # Database
 # https://docs.djangoproject.com/en/5.0/ref/settings/#databases
 
-if ENVIRONMENT == 'test' or ENVIRONMENT == 'production':
+if ENVIRONMENT != 'development':
     # Use PostgreSQL for production
     DATABASES = {
         'default': {
@@ -162,7 +173,15 @@
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 
-if ENVIRONMENT == 'development' or ENVIRONMENT == 'test':
-    CORS_ORIGIN_WHITELIST = ['*']
+if ENVIRONMENT != 'production':
+    CORS_ORIGIN_WHITELIST = [
+        "https://" + os.getenv('DOMAIN'), 
+        'http://django-frontend',
+        'http://localhost:8000',
+        'http://127.0.0.1:8000'
+        ]
 else:
-    CORS_ORIGIN_WHITELIST = ["https://api." + os.getenv('DOMAIN'), 'http://django-api']
+    CORS_ORIGIN_WHITELIST = [
+        "https://" + os.getenv('DOMAIN'), 
+        'http://django-frontend'
+        ]
diff --git a/Docker-test/Frontend/Django/Dockerfile b/Docker-test/Frontend/Django/Dockerfile
@@ -15,6 +15,7 @@ WORKDIR /app/monprojet
 ENV VIRTUAL_ENV /env
 ENV PATH /env/bin:$PATH
 
+COPY ./Docker-test/Frontend/Django/populate_db_tables.sql /app/monprojet/populate_db_tables.sql
 COPY ./Docker-test/Frontend/Django/entrypoint.sh /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]

diff --git a/Docker-test/Frontend/Django/entrypoint.sh b/Docker-test/Frontend/Django/entrypoint.sh
@@ -3,7 +3,7 @@
 echo "Checking for and applying database migrations..."
 python manage.py makemigrations
 python manage.py makemigrations monapp
-python manage.py migrate
+#python manage.py migrate
 
 # Populate the database tables from the SQL script
 echo "Populating database tables..."