diff --git a/docs/env.md b/docs/env.md index a41d7ef9..f9cd154c 100644 --- a/docs/env.md +++ b/docs/env.md @@ -40,7 +40,7 @@ These are the environment variables you can set for the `impress-backend` contai | DJANGO_EMAIL_USE_TLS | use tls for email host connection | false | | DJANGO_EMAIL_USE_SSL | use sstl for email host connection | false | | DJANGO_EMAIL_FROM | email address used as sender | from@example.com | -| DJANGO_CORS_ALLOW_ALL_ORIGINS | allow all CORS origins | true | +| DJANGO_CORS_ALLOW_ALL_ORIGINS | allow all CORS origins | false | | DJANGO_CORS_ALLOWED_ORIGINS | list of origins allowed for CORS | [] | | DJANGO_CORS_ALLOWED_ORIGIN_REGEXES | list of origins allowed for CORS using regulair expressions | [] | | SENTRY_DSN | sentry host | | diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py index 737bb338..05d89443 100755 --- a/src/backend/impress/settings.py +++ b/src/backend/impress/settings.py @@ -396,7 +396,7 @@ class Base(Configuration): # CORS CORS_ALLOW_CREDENTIALS = True - CORS_ALLOW_ALL_ORIGINS = values.BooleanValue(True) + CORS_ALLOW_ALL_ORIGINS = values.BooleanValue(False) CORS_ALLOWED_ORIGINS = values.ListValue([]) CORS_ALLOWED_ORIGIN_REGEXES = values.ListValue([])