From bccf21e184b9208bcec73f65427ba1e11d05199e Mon Sep 17 00:00:00 2001
From: Nathaniel Kim <nkim8@mit.edu>
Date: Mon, 28 Dec 2020 12:35:51 -0800
Subject: [PATCH] THIS_URL setting improve, use in cors origin

---
 backend/api/views.py    | 5 +----
 backend/dev_settings.py | 1 +
 backend/docs/SETUP.md   | 4 ++++
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/backend/api/views.py b/backend/api/views.py
index ca4ab4ab..4484c789 100644
--- a/backend/api/views.py
+++ b/backend/api/views.py
@@ -143,10 +143,7 @@ def signed_upload_url(file_path, bucket):
         # https://stackoverflow.com/questions/25688608/xmlhttprequest-cors-to-google-cloud-storage-only-working-in-preflight-request
         # https://stackoverflow.com/questions/46971451/cors-request-made-despite-error-in-console
         # https://googleapis.dev/python/storage/latest/blobs.html
-        # TODO this should be dynamic.
-        # in fact, "this website" should become a config setting;
-        # also, in the setup readme, should be a note about changing this setting
-        return blob.create_resumable_upload_session(origin='http://localhost:3000')
+        return blob.create_resumable_upload_session(origin=settings.THIS_URL)
 
     @staticmethod
     def signed_download_url(file_path, bucket):
diff --git a/backend/dev_settings.py b/backend/dev_settings.py
index 26a32776..197a022f 100644
--- a/backend/dev_settings.py
+++ b/backend/dev_settings.py
@@ -40,6 +40,7 @@
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
+THIS_URL = 'http://localhost:3000'
 
 # Application definition
 INSTALLED_APPS += ['debug_toolbar']
diff --git a/backend/docs/SETUP.md b/backend/docs/SETUP.md
index 9f2b2e88..2a250df9 100644
--- a/backend/docs/SETUP.md
+++ b/backend/docs/SETUP.md
@@ -66,6 +66,10 @@ Deployment is done through the Google Cloud Platform. You'll need access to the
 
 With that, you can start here --
 
+### Configuring Settings
+
+After registering a domain name for the competition, set `THIS_URL` (in `settings.py`) to that domain.
+
 ### Storage Buckets
 Go to "Storage" on GCP console. A bucket for submissions should have been created (if not, instructions are in the infrastructure readme.)
 Set up the CORS policy, which allows us to upload to the bucket on external websites. Find `docs/cors,json`; in there, update the domain URLs listed. Then, run `gsutil cors set path/to/cors.json gs://bc21-submissions` (updating the bucket name) to whatever it is this year.