From 35d9f03fbeae82fbffe42ae35811c5d356bfebe5 Mon Sep 17 00:00:00 2001
From: Konrad Mohrfeldt <konrad.mohrfeldt@farbdev.org>
Date: Sat, 23 Apr 2022 17:06:02 +0200
Subject: [PATCH] fix: CORS_ORIGIN_WHITELIST was renamed to
 CORS_ALLOWED_ORIGINS

django-cors-headers renamed the setting for the allowed origins and even
though it still supports the fallback the old setting as a fallback, we
want to be one the safe side.
---
 steering/settings.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/steering/settings.py b/steering/settings.py
index bbedf9d9..86b7c06e 100644
--- a/steering/settings.py
+++ b/steering/settings.py
@@ -30,9 +30,15 @@ MANAGERS = ADMINS
 # Must be set if DEBUG is False
 ALLOWED_HOSTS = env.list("ALLOWED_HOSTS", default=["127.0.0.1", "localhost"])
 
-# Whitelist IPs that access the API
-CORS_ORIGIN_WHITELIST = env.list(
-    "CORS_ORIGIN_WHITELIST", default=("http://localhost:8080", "http://localhost:8040")
+# Whitelist origins that access the API
+CORS_ALLOWED_ORIGINS = env.list(
+    "CORS_ALLOWED_ORIGINS",
+    default=env.list(
+        # This is for backwards compatibility as
+        # CORS_ALLOWED_ORIGINS was named CORS_ORIGIN_WHITELIST in the past.
+        "CORS_ORIGIN_WHITELIST",
+        default=("http://localhost:8080", "http://localhost:8040"),
+    ),
 )
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOW_HEADERS = list(default_headers) + [
-- 
GitLab