Use new maintained django-cors-headers package #10000
Conversation
There was a problem hiding this comment.
This looks good to me. I'd not block this PR on the setting config. I'd go ahead with the solution you proposed (url1|url2). This string can be generated looping over the current list we already have:
# Generate the regex string manually because a list is not supported
# https://github.com/adamchainz/django-cors-headers/issues/830
CORS_URLS_REGEX = "(" + "|".join(CORS_URLS_ALLOW_ALL_REGEX) + ")"Example,
>>> l = ['1', '2', '3', '4']
>>> '(' + '|'.join(l) + ')'
'(1|2|3|4)'
>>>
|
They aren't going to add that option, so back to use a long regex instead. I also hit adamchainz/django-cors-headers#558, but it was more of an issue with our tests, we were trying to test that middleware isolated passing a dictionary as the response, instead of creating a response, I'm just testing the whole request instead. |
| CORS_ALLOW_HEADERS = list(default_headers) + [ | ||
| 'x-hoverxref-version', | ||
| 'x-csrftoken' | ||
| ) | ||
| ] |
There was a problem hiding this comment.
Just to note we are adding 3 extra allowed headers with this change:
"accept-encoding",
"dnt",
"user-agent",
| r"^/api/v3/embed", | ||
| r"^/api/v2/sustainability", | ||
| ] | ||
| CORS_URLS_REGEX = re.compile( |
There was a problem hiding this comment.
In the docs it says this is a string. However, it also says Pattern[str] which I'm not sure if that's what re.compile returns or not: https://github.com/adamchainz/django-cors-headers#cors_urls_regex-str--patternstr
There was a problem hiding this comment.
yeah, that's the type https://docs.python.org/3/library/typing.html#typing.Pattern.
May be blocked by adamchainz/django-cors-headers#830, but we could also just have a single regex for all the allowed URLs.