Skip to content

Commit

Permalink
set CORS_REPLACE_HTTPS_REFERER option to True (cvat-ai#895)
Browse files Browse the repository at this point in the history
  • Loading branch information
azhavoro authored and Chris Lee-Messer committed Mar 5, 2020
1 parent 21d190f commit 68580fc
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion cvat/requirements/base.txt
Original file line number Diff line number Diff line change
Expand Up @@ -45,5 +45,5 @@ keras==2.2.5
opencv-python==4.1.0.25
h5py==2.9.0
imgaug==0.2.9
django-cors-headers==3.0.2
django-cors-headers==3.2.0
furl==2.0.0
5 changes: 4 additions & 1 deletion cvat/settings/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -174,13 +174,15 @@ def generate_ssh_keys():
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
# FIXME
# 'corsheaders.middleware.CorsPostCsrfMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'dj_pagination.middleware.PaginationMiddleware',
'corsheaders.middleware.CorsMiddleware',
]

# Cross-Origin Resource Sharing settings for CVAT UI
Expand All @@ -191,6 +193,7 @@ def generate_ssh_keys():
CSRF_TRUSTED_ORIGINS = [UI_HOST]
UI_URL = '{}://{}:{}'.format(UI_SCHEME, UI_HOST, UI_PORT)
CORS_ORIGIN_WHITELIST = [UI_URL]
CORS_REPLACE_HTTPS_REFERER = True

STATICFILES_FINDERS = [
'django.contrib.staticfiles.finders.FileSystemFinder',
Expand Down

0 comments on commit 68580fc

Please sign in to comment.