Site access tweaks (#6738)

* Adjust docker filter

- Run if settings.py changes

* Revert API version

* Adjust logic in settings.py

- Only exit if in main server thread

* Update qc_checks.yaml

* Add wildcard for CSRF_TRUSTED_ORIGINS in DEBUG mode

* Update wildcard

* Simplify settings.py logic

.github/workflows/docker.yaml

@@ -44,6 +44,7 @@ jobs:
               - docker-compose.yml
               - docker.dev.env
               - Dockerfile
+              - InvenTree/settings.py
               - requirements.txt
               - tasks.py
 

.github/workflows/qc_checks.yaml

@@ -133,7 +133,6 @@ jobs:
       INVENTREE_PYTHON_TEST_SERVER: http://localhost:12345
       INVENTREE_PYTHON_TEST_USERNAME: testuser
       INVENTREE_PYTHON_TEST_PASSWORD: testpassword
-      INVENTREE_SITE_URL: http://localhost:8000
     outputs:
       version: ${{ steps.version.outputs.version }}
 
@@ -218,9 +217,10 @@ jobs:
       INVENTREE_ADMIN_USER: testuser
       INVENTREE_ADMIN_PASSWORD: testpassword
       INVENTREE_ADMIN_EMAIL: test@test.com
-      INVENTREE_PYTHON_TEST_SERVER: http://localhost:12345
+      INVENTREE_PYTHON_TEST_SERVER: http://127.0.0.1:12345
       INVENTREE_PYTHON_TEST_USERNAME: testuser
       INVENTREE_PYTHON_TEST_PASSWORD: testpassword
+      INVENTREE_SITE_URL: http://127.0.0.1:12345
 
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1

InvenTree/InvenTree/api_version.py

@@ -1,14 +1,11 @@
 """InvenTree API version information."""
 
 # InvenTree API version
-INVENTREE_API_VERSION = 185
+INVENTREE_API_VERSION = 184
 """Increment this API version number whenever there is a significant change to the API that any clients need to know about."""
 
 INVENTREE_API_TEXT = """
 
-v185 - 2024-03-18 : https://github.com/inventree/InvenTree/pull/6731
-    - Adds a default URL to the generated API schema (http://localhost:8000)
-
 v184 - 2024-03-17 : https://github.com/inventree/InvenTree/pull/10464
     - Add additional fields for tests (start/end datetime, test station)
 

InvenTree/InvenTree/settings.py

@@ -26,6 +26,7 @@ import pytz
 from dotenv import load_dotenv
 
 from InvenTree.config import get_boolean_setting, get_custom_file, get_setting
+from InvenTree.ready import isInMainThread
 from InvenTree.sentry import default_sentry_dsn, init_sentry
 from InvenTree.version import checkMinPythonVersion, inventreeApiVersion
 
@@ -1006,7 +1007,10 @@ if not ALLOWED_HOSTS:
         logger.error(
             'No ALLOWED_HOSTS specified. Please provide a list of allowed hosts, or specify INVENTREE_SITE_URL'
         )
-        sys.exit(-1)
+
+        # Server cannot run without ALLOWED_HOSTS
+        if isInMainThread():
+            sys.exit(-1)
 
 # Ensure that the ALLOWED_HOSTS do not contain any scheme info
 for i, host in enumerate(ALLOWED_HOSTS):
@@ -1027,10 +1031,18 @@ if SITE_URL and SITE_URL not in CSRF_TRUSTED_ORIGINS:
     CSRF_TRUSTED_ORIGINS.append(SITE_URL)
 
 if not TESTING and len(CSRF_TRUSTED_ORIGINS) == 0:
-    logger.error(
+    if DEBUG:
-        'No CSRF_TRUSTED_ORIGINS specified. Please provide a list of trusted origins, or specify INVENTREE_SITE_URL'
+        logger.warning(
-    )
+            'No CSRF_TRUSTED_ORIGINS specified. Defaulting to http://* for debug mode. This is not recommended for production use'
-    sys.exit(-1)
+        )
+        CSRF_TRUSTED_ORIGINS = ['http://*']
+
+    elif isInMainThread():
+        # Server thread cannot run without CSRF_TRUSTED_ORIGINS
+        logger.error(
+            'No CSRF_TRUSTED_ORIGINS specified. Please provide a list of trusted origins, or specify INVENTREE_SITE_URL'
+        )
+        sys.exit(-1)
 
 USE_X_FORWARDED_HOST = get_boolean_setting(
     'INVENTREE_USE_X_FORWARDED_HOST',