diff --git a/apiserver/apiserver/settings.py b/apiserver/apiserver/settings.py
index e72c7c3..1c68377 100644
--- a/apiserver/apiserver/settings.py
+++ b/apiserver/apiserver/settings.py
@@ -50,11 +50,13 @@ if DEBUG: if BINDALL_ENV: ALLOWED_HOSTS = ['*'] - + SESSION_COOKIE_SECURE = False + CSRF_COOKIE_SECURE = False +else: + SESSION_COOKIE_SECURE = True + CSRF_COOKIE_SECURE = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') -SESSION_COOKIE_SECURE = True -CSRF_COOKIE_SECURE = True SECURE_REFERRER_POLICY = 'same-origin' # Application definition
@@ -65,7 +67,6 @@ INSTALLED_APPS = [ 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', - 'django.contrib.staticfiles', 'django.contrib.sites', 'rest_framework', 'rest_framework.authtoken',
@@ -89,6 +90,15 @@ MIDDLEWARE = [ 'simple_history.middleware.HistoryRequestMiddleware', ] +if BINDALL_ENV: + INSTALLED_APPS += [ + 'corsheaders', + ] + MIDDLEWARE += [ + 'corsheaders.middleware.CorsMiddleware', + ] + CORS_ORIGIN_ALLOW_ALL = True + ROOT_URLCONF = 'apiserver.urls' TEMPLATES = [
@@ -177,7 +187,8 @@ USE_TZ = True # https://docs.djangoproject.com/en/3.0/howto/static-files/ if DEBUG: - STATIC_URL = '/static/' + MEDIA_URL = 'static/' + MEDIA_ROOT = os.path.join(BASE_DIR, 'data/static') else: STATIC_URL = 'https://static.{}/'.format(PRODUCTION_HOST) STATIC_ROOT = os.path.join(BASE_DIR, 'data/static')
diff --git a/apiserver/apiserver/urls.py b/apiserver/apiserver/urls.py
index 19f9d21..dc7ae62 100644
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -1,4 +1,5 @@ from django.conf.urls import url +from django.conf.urls.static import static from django.contrib import admin from django.urls import include, path from rest_framework import routers
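Review bot: The new `if BINDALL_ENV:` block in settings.py (hunk `@@ -89,6 +90,15 @@`) sits at module level and is not gated on DEBUG, so any deployment that has BINDALL_ENV set gets `CORS_ORIGIN_ALLOW_ALL = True` even with DEBUG off; the earlier `ALLOWED_HOSTS = ['*']` use of the same flag appears to be nested under `if DEBUG:`. I would write the condition as `if DEBUG and BINDALL_ENV:`. Separately, `MIDDLEWARE += [...]` puts CorsMiddleware last, while django-cors-headers expects it above any middleware that can generate a response (CommonMiddleware in particular), so `MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')` is the safer form. `CORS_ORIGIN_ALLOW_ALL` is the legacy alias of `CORS_ALLOW_ALL_ORIGINS`; it still works with the pinned 3.11.0, but the newer name is the documented one.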
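Review bot: In the `@@ -177,7 +187,8 @@` hunk of settings.py the DEBUG branch points MEDIA_ROOT at `data/static`, the same directory the production branch uses as STATIC_ROOT, and nothing records that this branch is served by the development server itself. Together with the `static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)` route added in urls.py, every file under that directory is handed out without authentication, which matters once BINDALL_ENV makes the server reachable from other hosts. A comment such as `# DEBUG only: the dev server serves data/static directly and unauthenticated` above the two MEDIA_ lines would make that explicit. The branch also no longer defines STATIC_URL, so it is worth confirming that nothing used in DEBUG (the admin templates, for instance) still depends on it.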
@@ -48,9 +49,11 @@ if secrets.IPN_RANDOM: if secrets.ADMIN_RANDOM: ADMIN_ROUTE = '{}/admin/'.format(secrets.ADMIN_RANDOM) - urlpatterns.append(path(ADMIN_ROUTE, admin.site.urls)) +else: + ADMIN_ROUTE = 'admin/' +urlpatterns.append(path(ADMIN_ROUTE, admin.site.urls)) if settings.DEBUG: urlpatterns += [ path('api-auth/', include('rest_framework.urls')), - ] + ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
diff --git a/apiserver/requirements.txt b/apiserver/requirements.txt
index 67a02ac..5d8b0ad 100644
--- a/apiserver/requirements.txt
+++ b/apiserver/requirements.txt
@@ -10,6 +10,7 @@ commonmark==0.9.1 defusedxml==0.6.0 Django==3.1.14 django-allauth==0.41.0 +django-cors-headers==3.11.0 django-rest-auth==0.9.5 django-simple-history==2.8.0 djangorestframework==3.11.2
diff --git a/webclient/src/utils.js b/webclient/src/utils.js
index 468505b..8705dad 100644
--- a/webclient/src/utils.js
+++ b/webclient/src/utils.js
@@ -3,9 +3,15 @@ import { Table } from 'semantic-ui-react'; export const randomString = () => Math.random().toString(36).substr(2, 10); -export const siteUrl = window.location.protocol + '//' + window.location.hostname; -export const apiUrl = window.location.protocol + '//api.' + window.location.hostname; -export const staticUrl = window.location.protocol + '//static.' + window.location.hostname; +export const siteUrl = window.location.toString(); +export const apiUrl = window.location.port ? + 'http://' + window.location.hostname + ':8000' +: + window.location.protocol + '//api.' + window.location.hostname; +export const staticUrl = window.location.port ? + 'http://' + window.location.hostname + ':8000/static' +: + window.location.protocol + '//static.' + window.location.hostname; export const isAdmin = (user) => user.is_staff || user.member.is_director || user.member.is_staff; export const isInstructor = (user) => isAdmin(user) || user.member.is_instructor;
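Review bot: The added `else: ADMIN_ROUTE = 'admin/'` in urls.py, together with moving `urlpatterns.append(path(ADMIN_ROUTE, admin.site.urls))` to module level, means the admin site is now routed in every configuration; before this change it was not mounted at all when `secrets.ADMIN_RANDOM` was empty. If the fallback is only meant for local development, make the branch `elif settings.DEBUG:` and keep the `urlpatterns.append(...)` call inside both branches, so a production config with a missing ADMIN_RANDOM does not expose the admin at the default path. The surrounding block starts above the hunk, so the exact nesting of the existing `if secrets.ADMIN_RANDOM:` should be checked when applying this.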
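Review bot: In webclient/src/utils.js, `apiUrl` and `staticUrl` now hard-code `'http://'` and port 8000 whenever `window.location.port` is non-empty, so a site served over HTTPS on any explicit port would send API requests, credentials included, to a cleartext endpoint or have them blocked as mixed content. Reusing the page's own scheme, `window.location.protocol + '//' + window.location.hostname + ':8000'`, keeps the development shortcut without the downgrade; an explicit build-time dev flag would be clearer than inferring the environment from the port. `siteUrl` also changes meaning: `window.location.toString()` includes the path, query string and fragment of whichever page loaded the bundle, whereas the old value was scheme plus host. `window.location.origin` is probably what is wanted if callers, which are not visible here, append paths to it.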