[FEAT] only enable cors middleware if DJANGO_CORS_ALLOWED_ORIGINS is set

ETH-NEXUS · Jan 4, 2024 · 83a52e2 · 83a52e2
1 parent 78866e8
commit 83a52e2
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/api/app/ena_upload_ms/settings.py b/api/app/ena_upload_ms/settings.py
@@ -57,7 +57,15 @@
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
-    "corsheaders.middleware.CorsMiddleware",
+]
+
+# We only add the middleware if DJANGO_CORS_ALLOWED_ORIGINS env var is set
+if environ.get("DJANGO_CORS_ALLOWED_ORIGINS"):
+    MIDDLEWARE.append(
+        "corsheaders.middleware.CorsMiddleware",
+    )
+
+MIDDLEWARE += [
     "django.middleware.common.CommonMiddleware",
 ]
 
@@ -190,7 +198,7 @@
 
 # CORS configuration
 CORS_ALLOW_ALL_ORIGINS = False if environ.get("DJANGO_CORS_ALLOWED_ORIGINS") else True
-CORS_ALLOWED_ORIGINS = environ.get("DJANGO_CORS_ALLOWED_ORIGINS" "*").split(",")
+CORS_ALLOWED_ORIGINS = environ.get("DJANGO_CORS_ALLOWED_ORIGINS", "*").split(",")
 CORS_ALLOW_HEADERS = default_headers + (
     "cache-control",
     "pragma",