[deps] Pinned "django-cors-headers~=4.4.0" #480

Dropped support for "openwisp2_django_cors.replace_https_referer" Closes #480 setting.
openwisp · Nov 25, 2024 · d30ad3f · d30ad3f
1 parent 4d0499b
commit d30ad3f
Show file tree

Hide file tree

Showing 5 changed files with 1 addition and 13 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -215,7 +215,6 @@ cron_delete_inactive_users: "'hour': 1, 'minute': 55"
 openwisp2_django_cors:
     enabled: false
     allowed_origins_list: []
-    replace_https_referer: false
 openwisp2_extra_supervisor_restart: []
 openwisp2_usage_metric_collection: null
 # allow disabling celery beat tasks if needed

diff --git a/docs/user/configuring-cors-headers.rst b/docs/user/configuring-cors-headers.rst
@@ -65,7 +65,6 @@ setting of ``django-cors-headers`` as shown in the following example:
           allowed_origins_list:
             - https://frontend.openwisp.org
             - https://logs.openwisp.org
-          replace_https_referer: true
         # Configuring additional settings for django-cors-headers
         openwisp2_extra_django_settings_instructions:
           - |

diff --git a/docs/user/role-variables.rst b/docs/user/role-variables.rst
@@ -455,12 +455,6 @@ take a look at `the default values of these variables
           # HTTP requests. Read https://github.com/adamchainz/django-cors-headers#cors_allowed_origins-sequencestr
           # for detail. By default, it is set to an empty list.
           allowed_origins_list: ["https://log.openwisp.org"]
-          # Configures "CORS_REPLACE_HTTPS_REFERER" setting of the django-cors-headers
-          # package. Read https://github.com/adamchainz/django-cors-headers#cors_replace_https_referer-bool
-          # for detail. Setting this to "true" will also configure the
-          # Django middleware setting to add "CorsPostCsrfMiddleware".
-          # By default, it is set to false.
-          replace_https_referer: true
 
 .. note::
 

diff --git a/tasks/pip.yml b/tasks/pip.yml
@@ -133,7 +133,7 @@
 - name: Install django-cors-headers
   when: openwisp2_django_cors.get('enabled')
   pip:
-    name: django-cors-headers
+    name: "django-cors-headers~=4.4.0"
     state: latest
     virtualenv: "{{ virtualenv_path }}"
     virtualenv_python: "{{ openwisp2_python }}"

diff --git a/templates/openwisp2/settings.py b/templates/openwisp2/settings.py
@@ -562,10 +562,6 @@
 # CORS configuration
 INSTALLED_APPS.append('corsheaders')
 MIDDLEWARE.insert(MIDDLEWARE.index('django.middleware.common.CommonMiddleware'), 'corsheaders.middleware.CorsMiddleware')
-{% if openwisp2_django_cors.get('replace_https_referer', False) %}
-MIDDLEWARE.insert(MIDDLEWARE.index('django.middleware.csrf.CsrfViewMiddleware') + 1, 'corsheaders.middleware.CorsPostCsrfMiddleware')
-CORS_REPLACE_HTTPS_REFERER = {{ openwisp2_django_cors.get('replace_https_referer', False) }}
-{% endif %}
 CORS_ALLOWED_ORIGINS = {{ openwisp2_django_cors.get('allowed_origins_list', []) }}
 {% endif %}