fix: cors, csrf 설정 전체 변경

cau-likelion-org · Jan 29, 2025 · a01240c · a01240c
1 parent 9f5792d
commit a01240c
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/config/settings.py b/config/settings.py
@@ -42,12 +42,22 @@ def get_secret(setting, secrets=secrets):
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = ['https://cau-chunghaha.p-e.kr', 'https://cau-likelion.org', 'http://localhost:3000',]
+ALLOWED_HOSTS = ['cau-chunghaha.p-e.kr', 'cau-likelion.org', 'localhost']
 
-CSRF_TRUSTED_ORIGINS = ['https://cau-chunghaha.p-e.kr', 'https://cau-likelion.org', 'http://localhost:3000']
-# CORS_ORIGIN_WHITELIST = ['https://api.cau-likelion.org', 'https://cau-likelion.org', 'http://localhost:3000']
-CORS_ORIGIN_ALLOW_ALL = True
-CORS_ALLOW_CREDENTIALS = True
+CSRF_TRUSTED_ORIGINS = [
+    "https://cau-chunghaha.p-e.kr",
+    "https://cau-likelion.org",
+    "http://localhost:3000",
+]
+
+CORS_ALLOWED_ORIGINS = [
+    "https://cau-chunghaha.p-e.kr",
+    "https://cau-likelion.org",
+    "http://localhost:3000",
+]
+
+CORS_ALLOW_CREDENTIALS = True 
+CORS_ALLOW_METHODS = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
 
 # Application definition