Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: developer setup for non ngrok users #3388

Closed
wants to merge 1 commit into from
Closed

fix: developer setup for non ngrok users #3388

wants to merge 1 commit into from

Conversation

wizzah
Copy link

@wizzah wizzah commented Jul 1, 2024
edited
Loading

Adds CORS_ORIGIN_WHITELIST to settings when debug is on, which fixes a CSRF verification error

Are you finished?

Linters

  • I have checked my code with black, pylint, and mypy, or ./bw-dev formatters

Tests

  • My changes do not need new tests
  • All tests I have added are passing
  • I have written tests but need help to make them pass
  • I have not written tests and need help to write them

What type of Pull Request is this?

  • Bug Fix
  • Enhancement
  • Plumbing / Internals / Dependencies
  • Refactor

Does this PR change settings or dependencies, or break something?

  • This PR changes or adds default settings, configuration, or .env values
  • This PR changes or adds dependencies
  • This PR introduces other breaking changes

Details of breaking or configuration changes (if any of above checked)

Description

  • Related Issue #
  • Closes #

Documentation

  • New or amended documentation will be required if this PR is merged
  • I have created a matching pull request in the Documentation repository
  • I intend to create a matching pull request in the Documentation repository after this PR is merged

@wizzah
fix: developer setup for non grok users
c813448 
Adds CORS_ORIGIN_WHITELIST to settings when debug is on, which fixes a CSRF verification error
dato
dato reviewed Jul 13, 2024
View reviewed changes
bookwyrm/settings.py
@@ -368,6 +368,9 @@
BASE_URL = f"{PROTOCOL}://{NETLOC}"
CSRF_TRUSTED_ORIGINS = [BASE_URL]

if DEBUG:
CORS_ORIGIN_WHITELIST = [BASE_URL]
Copy link
Contributor

@dato dato Jul 13, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello!

I searched the Django docs for this setting, but could only find it in the docs for the django-cors-headers package. Is this setting useful without installing that?

If you can, I'd like to understand how to reproduce the CSRF failure that this fixes. I can run a non-ngrok setup myself with:

DOMAIN="localhost:1335"
DEBUG="true"
USE_HTTPS="no"

and login works, and could not see any breakage.

Thanks!!

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking a look! I'll try to recreate the issue again

@mouse-reeve
Copy link
Member

I had the same experience as @dato when trying to log in using localhost, so I'm going to close this PR. Thank you both for working on this!

@mouse-reeve mouse-reeve closed this Aug 9, 2024
@mouse-reeve mouse-reeve mentioned this pull request Oct 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dato dato dato left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wizzah @mouse-reeve @dato