From 3e0e5f490920d0ba4c8a92f6a94c6a621fab7377 Mon Sep 17 00:00:00 2001
From: ngfchl <ngfchl@126.com>
Date: Fri, 27 Jan 2023 21:23:31 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9A=E5=8D=87=E7=BA=A7?=
 =?UTF-8?q?=E5=8F=8D=E4=BB=A3=E7=9B=B8=E5=85=B3=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ptools/settings.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ptools/settings.py b/ptools/settings.py
index 79723e2..688444f 100644
--- a/ptools/settings.py
+++ b/ptools/settings.py
@@ -35,9 +35,6 @@ SECRET_KEY = 'django-insecure-6wrh^t$@gbb^s^=79@%cv=%yhq6gl^kane#g@-n-*n6+s1lo2f
 DEBUG = True
 
 ALLOWED_HOSTS = ['*']
-CORS_ORIGIN_ALLOW_ALL = True
-if os.environ.get('HTTPS_DOMAINS'):
-    CSRF_TRUSTED_ORIGINS = [os.environ.get('HTTPS_DOMAINS'), ]
 
 # Application definition
 
@@ -299,3 +296,9 @@ SIMPLEUI_CONFIG = {
         }, ]
     }]
 }
+
+CORS_ALLOW_CREDENTIALS = True
+CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOW_HEADERS = '*'
+if os.environ.get('HTTPS_DOMAINS'):
+    CSRF_TRUSTED_ORIGINS = [os.environ.get('HTTPS_DOMAINS'), ]