Site access tweaks (#6738)

* Adjust docker filter - Run if settings.py changes * Revert API version * Adjust logic in settings.py - Only exit if in main server thread * Update qc_checks.yaml * Add wildcard for CSRF_TRUSTED_ORIGINS in DEBUG mode * Update wildcard * Simplify settings.py logic
2025-05-13 18:43:08 +00:00 · 2024-03-18 15:27:56 +11:00 · 2024-03-18 15:27:56 +11:00 · 82654eabdc
commit 82654eabdc
parent bf9dd164e1
4 changed files with 21 additions and 11 deletions
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@ -44,6 +44,7 @@ jobs:
              - docker-compose.yml
              - docker.dev.env
              - Dockerfile
+              - InvenTree/settings.py
              - requirements.txt
              - tasks.py

--- a/.github/workflows/qc_checks.yaml
+++ b/.github/workflows/qc_checks.yaml
@ -133,7 +133,6 @@ jobs:
      INVENTREE_PYTHON_TEST_SERVER: http://localhost:12345
      INVENTREE_PYTHON_TEST_USERNAME: testuser
      INVENTREE_PYTHON_TEST_PASSWORD: testpassword
-      INVENTREE_SITE_URL: http://localhost:8000
    outputs:
      version: ${{ steps.version.outputs.version }}

@ -218,9 +217,10 @@ jobs:
      INVENTREE_ADMIN_USER: testuser
      INVENTREE_ADMIN_PASSWORD: testpassword
      INVENTREE_ADMIN_EMAIL: test@test.com
-      INVENTREE_PYTHON_TEST_SERVER: http://localhost:12345
+      INVENTREE_PYTHON_TEST_SERVER: http://127.0.0.1:12345
      INVENTREE_PYTHON_TEST_USERNAME: testuser
      INVENTREE_PYTHON_TEST_PASSWORD: testpassword
+      INVENTREE_SITE_URL: http://127.0.0.1:12345

    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
--- a/InvenTree/InvenTree/api_version.py
+++ b/InvenTree/InvenTree/api_version.py
@ -1,14 +1,11 @@
 """InvenTree API version information."""

 # InvenTree API version
-INVENTREE_API_VERSION = 185
+INVENTREE_API_VERSION = 184
 """Increment this API version number whenever there is a significant change to the API that any clients need to know about."""

 INVENTREE_API_TEXT = """

-v185 - 2024-03-18 : https://github.com/inventree/InvenTree/pull/6731
-    - Adds a default URL to the generated API schema (http://localhost:8000)
-
 v184 - 2024-03-17 : https://github.com/inventree/InvenTree/pull/10464
    - Add additional fields for tests (start/end datetime, test station)

--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -26,6 +26,7 @@ import pytz
 from dotenv import load_dotenv

 from InvenTree.config import get_boolean_setting, get_custom_file, get_setting
+from InvenTree.ready import isInMainThread
 from InvenTree.sentry import default_sentry_dsn, init_sentry
 from InvenTree.version import checkMinPythonVersion, inventreeApiVersion

@ -1006,6 +1007,9 @@ if not ALLOWED_HOSTS:
        logger.error(
            'No ALLOWED_HOSTS specified. Please provide a list of allowed hosts, or specify INVENTREE_SITE_URL'
        )
+
+        # Server cannot run without ALLOWED_HOSTS
+        if isInMainThread():
            sys.exit(-1)

 # Ensure that the ALLOWED_HOSTS do not contain any scheme info
@ -1027,6 +1031,14 @@ if SITE_URL and SITE_URL not in CSRF_TRUSTED_ORIGINS:
    CSRF_TRUSTED_ORIGINS.append(SITE_URL)

 if not TESTING and len(CSRF_TRUSTED_ORIGINS) == 0:
+    if DEBUG:
+        logger.warning(
+            'No CSRF_TRUSTED_ORIGINS specified. Defaulting to http://* for debug mode. This is not recommended for production use'
+        )
+        CSRF_TRUSTED_ORIGINS = ['http://*']
+
+    elif isInMainThread():
+        # Server thread cannot run without CSRF_TRUSTED_ORIGINS
        logger.error(
            'No CSRF_TRUSTED_ORIGINS specified. Please provide a list of trusted origins, or specify INVENTREE_SITE_URL'
        )