From f4dd4ce93b1ceb20ac5956adfe8437a877c17b15 Mon Sep 17 00:00:00 2001 From: Florimond Manca <florimond.manca@gmail.com> Date: Tue, 15 May 2018 22:44:44 +0100 Subject: [PATCH] Add *oser-cs.fr to CORS whitelist --- project/project/settings/common.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/project/project/settings/common.py b/project/project/settings/common.py index 5b270fe..e7a0ab5 100644 --- a/project/project/settings/common.py +++ b/project/project/settings/common.py @@ -113,12 +113,10 @@ CORS_ORIGIN_REGEX_WHITELIST = ( # Allow local hosts on any port r'^(https?://)?localhost(:\d+)?$', r'^(https?://)?127\.0\.0\.1(:\d+)?$', - # Allow hosts such as: - # - https://oser-cs.herokuapp.com - # - https://oser-frontend-dev.herokuapp.com - # (but also https://unknown.herokuapp.com...) - # Essentially allows any frontend hosted on Heroku to send CORS requests. - r'^(https?://)?(.+\.)?herokuapp\.com$' + # Allow any app hosted on Heroku + r'^(https?://)?(.+\.)?herokuapp\.com$', + # Allow any app on *oser-cs.fr + r'^(https?://)?(.+\.)?oser-cs\.fr$', ) X_FRAME_OPTIONS = 'DENY' # refuse to serve in an <iframe> -- GitLab