fix: csrf requests with cookies

mxschmitt · mxschmitt · commit b86fcab22c70 · 2020-03-22T03:05:07.000+01:00
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
-Django==3.0.4
+git+https://github.com/django/django.git@ffde4d5da88da6ed40ffc090503896d329bc67f8 #  Until 3.1 is released because of SESSION_COOKIE_SAMESITE
 djangorestframework==3.11.0
 django-environ==0.4.5
 twilio==6.37.0
diff --git a/shoppingline/settings.py b/shoppingline/settings.py
@@ -126,7 +126,18 @@
         "rest_framework.renderers.JSONRenderer"
     ]
 
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ORIGIN_WHITELIST = [
+    "https://helpingagents.de"
+]
+
+CORS_ORIGIN_REGEX_WHITELIST = [
+    r"^https://.*\.now\.sh$",
+]
+
+
+CORS_ALLOW_CREDENTIALS = True
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_SAMESITE = "None"
 
 TWILIO_ACCOUNT_SID = env("TWILIO_ACCOUNT_SID")
 TWILIO_AUTH_TOKEN = env("TWILIO_AUTH_TOKEN")

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Django==3.0.4`
	`1`	`+git+https://github.com/django/django.git@ffde4d5da88da6ed40ffc090503896d329bc67f8 # Until 3.1 is released because of SESSION_COOKIE_SAMESITE`
`2`	`2`	`djangorestframework==3.11.0`
`3`	`3`	`django-environ==0.4.5`
`4`	`4`	`twilio==6.37.0`