diff options
| author |  Joe Banks <[email protected]> | 2021-03-06 19:54:33 +0000 |
|---|---|---|
| committer |  GitHub <[email protected]> | 2021-03-06 19:54:33 +0000 |
| commit | 0f363c26271594de42ee05bb59a99e99c6e12de1 (patch) | |
| tree | 2e409cac18da2f976b5593065a185cec01e90c85 /backend/__init__.py | |
| parent | Merge pull request #62 from python-discord/dependabot/pip/uvicorn-0.13.4 (diff) | |
| parent | Merge branch 'main' into token-expiry (diff) | |
Merge pull request #58 from python-discord/token-expiry
Diffstat (limited to 'backend/__init__.py')
| -rw-r--r-- | backend/__init__.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/backend/__init__.py b/backend/__init__.py index a3704a0..220b457 100644 --- a/backend/__init__.py +++ b/backend/__init__.py @@ -7,10 +7,21 @@ from starlette.middleware.cors import CORSMiddleware from backend import constants from backend.authentication import JWTAuthenticationBackend -from backend.route_manager import create_route_map from backend.middleware import DatabaseMiddleware, ProtectedDocsMiddleware +from backend.route_manager import create_route_map from backend.validation import api +ORIGINS = [ + r"(https://[^.?#]*--pydis-forms\.netlify\.app)", # Netlify Previews + r"(https?://[^.?#]*.forms-frontend.pages.dev)", # Cloudflare Previews +] + +if not constants.PRODUCTION: + # Allow all hosts on non-production deployments + ORIGINS.append(r"(.*)") + +ALLOW_ORIGIN_REGEX = "|".join(ORIGINS) + sentry_sdk.init( dsn=constants.FORMS_BACKEND_DSN, send_default_pii=True, @@ -20,13 +31,13 @@ sentry_sdk.init( middleware = [ Middleware( CORSMiddleware, - # TODO: Convert this into a RegEx that works for prod, netlify & previews - allow_origins=["*"], + allow_origins=["https://forms.pythondiscord.com"], + allow_origin_regex=ALLOW_ORIGIN_REGEX, allow_headers=[ - "Authorization", "Content-Type" ], - allow_methods=["*"] + allow_methods=["*"], + allow_credentials=True ), Middleware(DatabaseMiddleware), Middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend()), |