fix: fix cors settings

FGFnet · Feb 15, 2024 · b9a9820 · b9a9820
1 parent 1067c24
commit b9a9820
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 14 deletions.
diff --git a/backend/fnet/dev_settings.py b/backend/fnet/dev_settings.py
@@ -19,4 +19,13 @@
 
 ALLOWED_HOSTS = ["*"]
 
-DATA_DIR = f"{BASE_DIR}/data/django"
+DATA_DIR = f"{BASE_DIR}/data/django"
+
+CSRF_TRUSTED_ORIGINS = ["127.0.0.1:8000", "localhost:8000"]
+
+CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_CREDENTIALS = True
+CORS_ORIGIN_WHITELIST = (
+    'http://localhost:8000',
+    'http://127.0.0.1:8000',
+)
diff --git a/backend/fnet/production_settings.py b/backend/fnet/production_settings.py
@@ -15,6 +15,15 @@
 
 SECRET_KEY = get_env("DJANGO_SECRET_KEY")
 
-ALLOWED_HOSTS = ["*"]
+# ALLOWED_HOSTS = ["*"]
 
-DATA_DIR = "/data"
+DATA_DIR = "/data"
+
+CSRF_TRUSTED_ORIGINS = ["https://fgnet.click"]
+
+CORS_ALLOWED_ORIGINS = ["https://fgnet.click"]
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ORIGIN_WHITELIST = (
+    "https://fgnet.click", 
+    "http://localhost:3000"
+)
diff --git a/backend/fnet/settings.py b/backend/fnet/settings.py
@@ -30,17 +30,17 @@
 # SECRET_KEY = 'django-insecure-8l87s(fcz$l*hni4bs-9)rpdhzrab3=sc(fgz=b5ecau&1k0j9'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+# DEBUG = True
 
-ALLOWED_HOSTS = ['*']
+# ALLOWED_HOSTS = ['*']
 
-CORS_ORIGIN_ALLOW_ALL = True
-CORS_ALLOW_CREDENTIALS = True
-CSRF_TRUSTED_ORIGINS = ["127.0.0.1:8000", "localhost:8000"]
-CORS_ORIGIN_WHITELIST = (
-    'https://localhost:8000',
-    'https://127.0.0.1:8000',
-)
+# CORS_ORIGIN_ALLOW_ALL = True
+# CORS_ALLOW_CREDENTIALS = True
+# CSRF_TRUSTED_ORIGINS = ["127.0.0.1:8000", "localhost:8000"]
+# CORS_ORIGIN_WHITELIST = (
+#     'https://localhost:8000',
+#     'https://127.0.0.1:8000',
+# )
 CORS_ALLOW_HEADERS = (
     'access-control-allow-credentials',
     'access-control-allow-origin',

diff --git a/frontend/src/service/base.service.ts b/frontend/src/service/base.service.ts
@@ -64,8 +64,8 @@ class RequestConfig {
 
 class BaseService {
   private getConfig(token?: string): RequestConfig {
-    const requestConfig = new RequestConfig('https://fgnet.click/api/')
-    // const requestConfig = new RequestConfig('http://127.0.0.1:8000/api/')
+    // const requestConfig = new RequestConfig('https://fgnet.click/api/')
+    const requestConfig = new RequestConfig('http://127.0.0.1:8000/api/')
 
     if (token) {
       requestConfig.setToken(token)