diff options
| author |  Hassan Abouelela <[email protected]> | 2021-03-07 04:17:54 +0300 |
|---|---|---|
| committer |  GitHub <[email protected]> | 2021-03-07 04:17:54 +0300 |
| commit | 9b47639ca31a14dfce59b2e8a395cea43fea91d2 (patch) | |
| tree | 5a4392bdc8279b6e23d36441017562f8bc804847 /backend/__init__.py | |
| parent | Bump httpx from 0.16.1 to 0.17.0 (diff) | |
| parent | Corrects Token Cookie Domain (diff) | |
Merge branch 'main' into dependabot/pip/httpx-0.17.0
Diffstat (limited to 'backend/__init__.py')
| -rw-r--r-- | backend/__init__.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/backend/__init__.py b/backend/__init__.py index a3704a0..220b457 100644 --- a/backend/__init__.py +++ b/backend/__init__.py @@ -7,10 +7,21 @@ from starlette.middleware.cors import CORSMiddleware from backend import constants from backend.authentication import JWTAuthenticationBackend -from backend.route_manager import create_route_map from backend.middleware import DatabaseMiddleware, ProtectedDocsMiddleware +from backend.route_manager import create_route_map from backend.validation import api +ORIGINS = [ + r"(https://[^.?#]*--pydis-forms\.netlify\.app)", # Netlify Previews + r"(https?://[^.?#]*.forms-frontend.pages.dev)", # Cloudflare Previews +] + +if not constants.PRODUCTION: + # Allow all hosts on non-production deployments + ORIGINS.append(r"(.*)") + +ALLOW_ORIGIN_REGEX = "|".join(ORIGINS) + sentry_sdk.init( dsn=constants.FORMS_BACKEND_DSN, send_default_pii=True, @@ -20,13 +31,13 @@ sentry_sdk.init( middleware = [ Middleware( CORSMiddleware, - # TODO: Convert this into a RegEx that works for prod, netlify & previews - allow_origins=["*"], + allow_origins=["https://forms.pythondiscord.com"], + allow_origin_regex=ALLOW_ORIGIN_REGEX, allow_headers=[ - "Authorization", "Content-Type" ], - allow_methods=["*"] + allow_methods=["*"], + allow_credentials=True ), Middleware(DatabaseMiddleware), Middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend()), |