From c0e97129c5a9164de705863ab2a0bb1f0461f6fe Mon Sep 17 00:00:00 2001
From: Gagan Deep <pandafy.dev@gmail.com>
Date: Mon, 25 Nov 2024 21:58:49 +0530
Subject: [PATCH] [deps] Pinned "django-cors-headers~=4.4.0" #480

Dropped support for "openwisp2_django_cors.replace_https_referer"

Closes #480
setting.
---
 defaults/main.yml                      | 1 -
 docs/user/configuring-cors-headers.rst | 1 -
 docs/user/role-variables.rst           | 6 ------
 tasks/pip.yml                          | 2 +-
 templates/openwisp2/settings.py        | 4 ----
 5 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ecb105f3..b8832ec3 100755
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -215,7 +215,6 @@ cron_delete_inactive_users: "'hour': 1, 'minute': 55"
 openwisp2_django_cors:
     enabled: false
     allowed_origins_list: []
-    replace_https_referer: false
 openwisp2_extra_supervisor_restart: []
 openwisp2_usage_metric_collection: null
 # allow disabling celery beat tasks if needed
diff --git a/docs/user/configuring-cors-headers.rst b/docs/user/configuring-cors-headers.rst
index 6db8898c..0ff0d0e8 100644
--- a/docs/user/configuring-cors-headers.rst
+++ b/docs/user/configuring-cors-headers.rst
@@ -65,7 +65,6 @@ setting of ``django-cors-headers`` as shown in the following example:
           allowed_origins_list:
             - https://frontend.openwisp.org
             - https://logs.openwisp.org
-          replace_https_referer: true
         # Configuring additional settings for django-cors-headers
         openwisp2_extra_django_settings_instructions:
           - |
diff --git a/docs/user/role-variables.rst b/docs/user/role-variables.rst
index c43e56d1..72e8bb4b 100644
--- a/docs/user/role-variables.rst
+++ b/docs/user/role-variables.rst
@@ -455,12 +455,6 @@ take a look at `the default values of these variables
           # HTTP requests. Read https://github.com/adamchainz/django-cors-headers#cors_allowed_origins-sequencestr
           # for detail. By default, it is set to an empty list.
           allowed_origins_list: ["https://log.openwisp.org"]
-          # Configures "CORS_REPLACE_HTTPS_REFERER" setting of the django-cors-headers
-          # package. Read https://github.com/adamchainz/django-cors-headers#cors_replace_https_referer-bool
-          # for detail. Setting this to "true" will also configure the
-          # Django middleware setting to add "CorsPostCsrfMiddleware".
-          # By default, it is set to false.
-          replace_https_referer: true
 
 .. note::
 
diff --git a/tasks/pip.yml b/tasks/pip.yml
index 78fc6ba2..2445d65d 100644
--- a/tasks/pip.yml
+++ b/tasks/pip.yml
@@ -133,7 +133,7 @@
 - name: Install django-cors-headers
   when: openwisp2_django_cors.get('enabled')
   pip:
-    name: django-cors-headers
+    name: "django-cors-headers~=4.4.0"
     state: latest
     virtualenv: "{{ virtualenv_path }}"
     virtualenv_python: "{{ openwisp2_python }}"
diff --git a/templates/openwisp2/settings.py b/templates/openwisp2/settings.py
index 75919e58..32b0f2ca 100644
--- a/templates/openwisp2/settings.py
+++ b/templates/openwisp2/settings.py
@@ -562,10 +562,6 @@
 # CORS configuration
 INSTALLED_APPS.append('corsheaders')
 MIDDLEWARE.insert(MIDDLEWARE.index('django.middleware.common.CommonMiddleware'), 'corsheaders.middleware.CorsMiddleware')
-{% if openwisp2_django_cors.get('replace_https_referer', False) %}
-MIDDLEWARE.insert(MIDDLEWARE.index('django.middleware.csrf.CsrfViewMiddleware') + 1, 'corsheaders.middleware.CorsPostCsrfMiddleware')
-CORS_REPLACE_HTTPS_REFERER = {{ openwisp2_django_cors.get('replace_https_referer', False) }}
-{% endif %}
 CORS_ALLOWED_ORIGINS = {{ openwisp2_django_cors.get('allowed_origins_list', []) }}
 {% endif %}