[Fixes #9718] fix renaming of CORS_ORIGIN_ALLOW_ALL (#9719) (#9720)

* fix renaming of CORS_ORIGIN_ALLOW_ALL * test * fixed pep Co-authored-by: Giovanni Allegri <[email protected]>
GeoNode · Jul 21, 2022 · 150fbba · 150fbba
1 parent c2e0828
commit 150fbba
Show file tree

Hide file tree

Showing 10 changed files with 54 additions and 9 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -128,7 +128,7 @@ workflows:
           name: geonode_test_suite_smoke
           load_docker_cache: false
           save_docker_cache: false
-          test_suite: ./test.sh geonode.tests.smoke geonode.tests.test_message_notifications geonode.tests.test_rest_api geonode.tests.test_search geonode.tests.test_utils
+          test_suite: ./test.sh geonode.tests.smoke geonode.tests.test_message_notifications geonode.tests.test_rest_api geonode.tests.test_search geonode.tests.test_utils geonode.tests.test_headers
       - build:
           name: geonode_test_suite
           load_docker_cache: false

diff --git a/.devcontainer/.env b/.devcontainer/.env
@@ -126,7 +126,7 @@ DEFAULT_FROM_EMAIL='GeoNode <[email protected]>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ORIGIN_ALLOW_ALL=True
+CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True

diff --git a/.env b/.env
@@ -129,7 +129,7 @@ DEFAULT_FROM_EMAIL='GeoNode <[email protected]>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ORIGIN_ALLOW_ALL=True
+CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True

diff --git a/.env_dev b/.env_dev
@@ -123,7 +123,7 @@ DEFAULT_FROM_EMAIL='GeoNode <[email protected]>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ORIGIN_ALLOW_ALL=True
+CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True

diff --git a/.env_local b/.env_local
@@ -123,7 +123,7 @@ DEFAULT_FROM_EMAIL='GeoNode <[email protected]>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ORIGIN_ALLOW_ALL=True
+CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True

diff --git a/.env_test b/.env_test
@@ -123,7 +123,7 @@ DEFAULT_FROM_EMAIL='GeoNode <[email protected]>'
 
 # Session/Access Control
 LOCKDOWN_GEONODE=False
-CORS_ORIGIN_ALLOW_ALL=True
+CORS_ALLOW_ALL_ORIGINS=True
 X_FRAME_OPTIONS="SAMEORIGIN"
 SESSION_EXPIRED_CONTROL_ENABLED=True
 DEFAULT_ANONYMOUS_VIEW_PERMISSION=True

diff --git a/geonode/local_settings.py.geoserver.sample b/geonode/local_settings.py.geoserver.sample
@@ -602,6 +602,6 @@ LOGGING = {
 
 # Additional settings
 X_FRAME_OPTIONS = 'ALLOW-FROM %s' % SITEURL
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_ALL_ORIGINS = True
 
 GEOIP_PATH = "/usr/local/share/GeoIP"
diff --git a/geonode/settings.py b/geonode/settings.py
@@ -789,7 +789,7 @@
 SESSION_COOKIE_SECURE = ast.literal_eval(os.environ.get('SESSION_COOKIE_SECURE', 'False'))
 CSRF_COOKIE_SECURE = ast.literal_eval(os.environ.get('CSRF_COOKIE_SECURE', 'False'))
 CSRF_COOKIE_HTTPONLY = ast.literal_eval(os.environ.get('CSRF_COOKIE_HTTPONLY', 'False'))
-CORS_ORIGIN_ALLOW_ALL = ast.literal_eval(os.environ.get('CORS_ORIGIN_ALLOW_ALL', 'False'))
+CORS_ALLOW_ALL_ORIGINS = ast.literal_eval(os.environ.get('CORS_ALLOW_ALL_ORIGINS', 'False'))
 X_FRAME_OPTIONS = os.environ.get('X_FRAME_OPTIONS', 'DENY')
 SECURE_CONTENT_TYPE_NOSNIFF = ast.literal_eval(os.environ.get('SECURE_CONTENT_TYPE_NOSNIFF', 'True'))
 SECURE_BROWSER_XSS_FILTER = ast.literal_eval(os.environ.get('SECURE_BROWSER_XSS_FILTER', 'True'))

diff --git a/geonode/tests/test_headers.py b/geonode/tests/test_headers.py
@@ -0,0 +1,45 @@
+#########################################################################
+#
+# Copyright (C) 2022 OSGeo
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#########################################################################
+
+from django.shortcuts import reverse
+from geonode.tests.base import GeoNodeBaseTestSupport
+
+from corsheaders.middleware import ACCESS_CONTROL_ALLOW_ORIGIN
+
+
+class TestHeaders(GeoNodeBaseTestSupport):
+
+    def test_cors_headers(self):
+        categories_url = reverse('categories-list')
+        headers = {
+                    'HTTP_ORIGIN': "http://127.0.0.1"
+                }
+        with self.settings(CORS_ALLOW_ALL_ORIGINS=True, CORS_ALLOW_CREDENTIALS=False):
+            response = self.client.get(
+                categories_url,
+                **headers
+            )
+            self.assertEqual(response[ACCESS_CONTROL_ALLOW_ORIGIN], '*')
+
+        with self.settings(CORS_ALLOW_ALL_ORIGINS=False):
+            response = self.client.get(
+                categories_url,
+                **headers
+            )
+            self.assertIsNone(getattr(response, 'ACCESS_CONTROL_ALLOW_ORIGIN', None))
diff --git a/package/support/geonode.local_settings b/package/support/geonode.local_settings
@@ -414,7 +414,7 @@ LOGGING = {
 }
 
 # Additional settings
-CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_ALL_ORIGINS = True
 
 GEOIP_PATH = "/usr/local/share/GeoIP"