diff options
author | Marcello Stanisci <stanisci.m@gmail.com> | 2018-11-26 18:38:26 +0100 |
---|---|---|
committer | Marcello Stanisci <stanisci.m@gmail.com> | 2018-11-26 18:38:26 +0100 |
commit | 6879ec97ce40f76368df2f02d06beb870457ce06 (patch) | |
tree | d21921f3468b2b06cb76ea922908a0f87ef81fd4 | |
parent | 6806eedf318e5e0b015035e2f230b39210682340 (diff) | |
download | bank-6879ec97ce40f76368df2f02d06beb870457ce06.tar.gz bank-6879ec97ce40f76368df2f02d06beb870457ce06.tar.bz2 bank-6879ec97ce40f76368df2f02d06beb870457ce06.zip |
Do NOT use django-cors-headers.
Do not really helps: it _replaces_ a referer-header,
but doesn't make one up.
-rw-r--r-- | talerbank/settings.py | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/talerbank/settings.py b/talerbank/settings.py index 49e4d6b..e8f226d 100644 --- a/talerbank/settings.py +++ b/talerbank/settings.py @@ -59,14 +59,12 @@ INSTALLED_APPS = [ 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', - 'corsheaders', 'talerbank.app' ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', - 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', @@ -203,10 +201,3 @@ TALER_EXPECTS_DONATIONS = [ 'Tor', 'GNUnet', 'Taler', 'FSF'] TALER_SUGGESTED_EXCHANGE = TC.value_string( "bank", "suggested_exchange") - -# Make a 'referer' *request header* from a origin one. -# This is needed when a client disables the 'referer' -# header from being sent: in this situation, the anti-CSRF -# layer makes the request invalid! - -CORS_REPLACE_HTTPS_REFERER = True |