Ban CORS requests to the siteadmin and to the auth forms, just in case

This commit is contained in:
Danielle McLean 2018-05-09 01:29:30 +10:00
parent 30c4c8ec8f
commit b32cefe762
Signed by untrusted user: 00dani
GPG key ID: 8EB789DDF3ABD240

View file

@ -235,6 +235,7 @@ AGENT_COOKIE_SECURE = True
# django-cors-headers # django-cors-headers
CORS_ORIGIN_ALLOW_ALL = True CORS_ORIGIN_ALLOW_ALL = True
CORS_URLS_REGEX = r'^/(?!admin|auth/(?:login|logout|indie)).*$'
# django-debug-toolbar # django-debug-toolbar
# https://django-debug-toolbar.readthedocs.io/en/stable/configuration.html # https://django-debug-toolbar.readthedocs.io/en/stable/configuration.html