From 64adde003302d8a0a879a34cf7ce750c31c001e6 Mon Sep 17 00:00:00 2001
From: sreenaths
Date: Thu, 14 Mar 2024 23:51:00 -0700
Subject: [PATCH] [api] Provide configs to control CORS

---
 desktop/core/src/desktop/conf.py | 20 ++++++++++++++++++++
 desktop/core/src/desktop/settings.py | 18 +++++++++---------
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/desktop/core/src/desktop/conf.py b/desktop/core/src/desktop/conf.py
index 71a8dc5211..b1a13c8d04 100644
--- a/desktop/core/src/desktop/conf.py
+++ b/desktop/core/src/desktop/conf.py
@@ -1790,6 +1790,26 @@ def get_instrumentation_default():
 default="django.core.mail.backends.smtp.EmailBackend"
 )
 
+CORS_ENABLED = Config(
+ key="cors_enabled",
+ help=_("Enable or disable Cross-Origin Resource Sharing (CORS). Defaults to True."),
+ type=coerce_bool,
+ default=True
+)
+
+CORS_ALLOW_CREDENTIALS = Config(
+ key="cors_allow_credentials",
+ help=_("This value determines whether the server allows cookies in the cross-site HTTP requests. Defaults to True."),
+ type=coerce_bool,
+ default=True
+)
+
+CORS_ALLOWED_ORIGINS = Config(
+ key="cors_allowed_origins",
+ help=_("A comma separated list of origins allowed for CORS."),
+ type=coerce_csv
+)
+
 ENABLE_SQL_SYNTAX_CHECK = Config(
 key='enable_sql_syntax_check',
 default=True,
diff --git a/desktop/core/src/desktop/settings.py b/desktop/core/src/desktop/settings.py
index aa7f41e89a..0c096f4f86 100644
--- a/desktop/core/src/desktop/settings.py
+++ b/desktop/core/src/desktop/settings.py
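Review bot: In conf.py, the `cors_allowed_origins` help text does not say what an unset value means, while settings.py in this same patch treats an empty list as "allow every origin". An operator reading only the help would reasonably assume that an empty list allows nothing. I would spell the behaviour out, e.g. `help=_("A comma separated list of origins (scheme://host[:port]) allowed for CORS. If empty, all origins are allowed."),`. The `cors_allow_credentials` help could likewise mention that it applies even when all origins are allowed.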
@@ -370,16 +370,16 @@
 EMAIL_BACKEND = desktop.conf.DJANGO_EMAIL_BACKEND.get()
 EMAIL_SUBJECT_PREFIX = 'Hue %s - ' % desktop.conf.CLUSTER_ID.get()
 
+if desktop.conf.CORS_ENABLED.get():
+ # Permissive CORS for public /api
+ INSTALLED_APPS.append('corsheaders')
+ MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')
 
-# Permissive CORS for public /api
-INSTALLED_APPS.append('corsheaders')
-MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')
-CORS_URLS_REGEX = r'^/api/.*$|/saml2/login/'
-CORS_ALLOW_CREDENTIALS = True
-if sys.version_info[0] > 2:
- CORS_ALLOW_ALL_ORIGINS = True
-else:
- CORS_ORIGIN_ALLOW_ALL = True
+ CORS_URLS_REGEX = r'^/api/.*$|/saml2/login/'
+ CORS_ALLOW_CREDENTIALS = desktop.conf.CORS_ALLOW_CREDENTIALS.get()
+
+ CORS_ALLOWED_ORIGINS = desktop.conf.CORS_ALLOWED_ORIGINS.get() or []
+ CORS_ALLOW_ALL_ORIGINS = not bool(CORS_ALLOWED_ORIGINS)
 
 # Configure database
 if os.getenv('DESKTOP_DB_CONFIG'):
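Review bot: The last added line turns an unset or empty `cors_allowed_origins` into `CORS_ALLOW_ALL_ORIGINS = True`, and `cors_allow_credentials` defaults to True, so the default configuration still answers credentialed cross-origin requests from any origin on `/api/` and `/saml2/login/`. With django-cors-headers that combination echoes the caller's `Origin` back rather than `*`, so a browser lets any site read authenticated responses, subject to the session cookie's SameSite setting. Consider sending credentials only when an explicit list is configured, e.g. `CORS_ALLOW_CREDENTIALS = desktop.conf.CORS_ALLOW_CREDENTIALS.get() and bool(CORS_ALLOWED_ORIGINS)` placed after the origins line; this changes the previous default and would need a release note. The `# Permissive CORS for public /api` comment is also no longer accurate once an origin list is set.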