Describe alternatives you've considered
Leaving the settings hard-coded and all origins available in all environments
Additional context
Hard coding the options is a quick and dirty way to get the initial feature working. However, this means that the production api can be accessed from local instances of the application. The production api should only be available to the production site.
Is your feature request related to a problem? Please describe. Allowed origins should be based on the environment where the application is running
Describe the solution you'd like Based on an environment variable, change the allowed origins to match the environment.
Describe alternatives you've considered Leaving the settings hard-coded and all origins available in all environments
Additional context Hard coding the options is a quick and dirty way to get the initial feature working. However, this means that the production api can be accessed from local instances of the application. The production api should only be available to the production site.
Labels
needs definitionneeds helpready to work onin progressbacklogFor Developers
Affected Components
CORS_ALLOWED_ORIGINS list
Technical Resources Python Django Environment Variables
Testing Outline Manual testing prod and develop envs