From f4dd4ce93b1ceb20ac5956adfe8437a877c17b15 Mon Sep 17 00:00:00 2001
From: Florimond Manca <florimond.manca@gmail.com>
Date: Tue, 15 May 2018 22:44:44 +0100
Subject: [PATCH] Add *oser-cs.fr to CORS whitelist

---
 project/project/settings/common.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/project/project/settings/common.py b/project/project/settings/common.py
index 5b270fe..e7a0ab5 100644
--- a/project/project/settings/common.py
+++ b/project/project/settings/common.py
@@ -113,12 +113,10 @@ CORS_ORIGIN_REGEX_WHITELIST = (
     # Allow local hosts on any port
     r'^(https?://)?localhost(:\d+)?$',
     r'^(https?://)?127\.0\.0\.1(:\d+)?$',
-    # Allow hosts such as:
-    # - https://oser-cs.herokuapp.com
-    # - https://oser-frontend-dev.herokuapp.com
-    # (but also https://unknown.herokuapp.com...)
-    # Essentially allows any frontend hosted on Heroku to send CORS requests.
-    r'^(https?://)?(.+\.)?herokuapp\.com$'
+    # Allow any app hosted on Heroku
+    r'^(https?://)?(.+\.)?herokuapp\.com$',
+    # Allow any app on *oser-cs.fr
+    r'^(https?://)?(.+\.)?oser-cs\.fr$',
 )
 X_FRAME_OPTIONS = 'DENY'  # refuse to serve in an <iframe>
 
-- 
GitLab