Skip to content

Commit

Permalink
Update settings.py to support more django settings
Browse files Browse the repository at this point in the history
- Now required by 4.2
- Prevents running behind proxy
- CSRF_TRUSTED_ORIGINS
- USE_X_FORWARDED_HOST
- USE_X_FORWARDED_PORT
- Update config template file also.
  • Loading branch information
SchrodingersGat committed Feb 8, 2024
1 parent 633fbd3 commit 1d89630
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 4 deletions.
26 changes: 26 additions & 0 deletions InvenTree/InvenTree/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -120,15 +120,41 @@
# The filesystem location for uploaded meadia files
MEDIA_ROOT = config.get_media_dir()

''

# List of allowed hosts (default = allow all)
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#allowed-hosts
ALLOWED_HOSTS = get_setting(
'INVENTREE_ALLOWED_HOSTS',
config_key='allowed_hosts',
default_value=['*'],
typecast=list,
)

# List of trusted origins for unsafe requests
# Ref: https://docs.djangoproject.com/en/4.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = get_setting(
'INVENTREE_TRUSTED_ORIGINS',
config_key='trusted_origins',
default_value=[],
typecast=list,
)

USE_X_FORWARDED_HOST = get_boolean_setting(
'INVENTREE_USE_X_FORWARDED_HOST',
config_key='use_x_forwarded_host',
default_value=False,
)

USE_X_FORWARDED_PORT = get_boolean_setting(
'INVENTREE_USE_X_FORWARDED_PORT',
config_key='use_x_forwarded_port',
default_value=False,
)

# Cross Origin Resource Sharing (CORS) options
# Refer to the django-cors-headers documentation for more information
# Ref: https://github.com/adamchainz/django-cors-headers

# Extract CORS options from configuration file
CORS_ALLOW_ALL_ORIGINS = get_boolean_setting(
Expand Down
22 changes: 18 additions & 4 deletions InvenTree/config_template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -171,13 +171,27 @@ auto_update: False
allowed_hosts:
- '*'

# Cross Origin Resource Sharing (CORS) settings (see https://github.com/ottoyiu/django-cors-headers)
# Following parameters are
# Trusted origins (see CSRF_TRUSTED_ORIGINS in Django settings documentation)
# If you are running behind a proxy, you may need to add the proxy address here
trusted_origins:
- 'http://localhost:8000'


# Proxy forwarding settings
# If InvenTree is running behind a proxy, you may need to configure these settings

# Override with the environment variable INVENTREE_USE_X_FORWARDED_HOST
use_x_forwarded_host: false

# Override with the environment variable INVENTREE_USE_X_FORWARDED_PORT
use_x_forwarded_port: false

# Cross Origin Resource Sharing (CORS) settings (see https://github.com/adamchainz/django-cors-headers)
cors:
# CORS_ORIGIN_ALLOW_ALL - If True, the whitelist will not be used and all origins will be accepted.
# CORS_ALLOW_ALL_ORIGINS - If True, the whitelist will not be used and all origins will be accepted.
allow_all: True

# CORS_ORIGIN_WHITELIST - A list of origins that are authorized to make cross-site HTTP requests. Defaults to []
# CORS_ALLOWED_ORIGINS - A list of origins that are authorized to make cross-site HTTP requests. Defaults to []
# whitelist:
# - https://example.com
# - https://sub.example.com
Expand Down

0 comments on commit 1d89630

Please sign in to comment.