diff --git a/backend/projectify/lib/settings.py b/backend/projectify/lib/settings.py index f52d93d67..35cd8f052 100644 --- a/backend/projectify/lib/settings.py +++ b/backend/projectify/lib/settings.py @@ -3,8 +3,6 @@ # SPDX-FileCopyrightText: 2024 JWP Consulting GK """Settings related functions.""" -import os -from collections.abc import Iterable, Sequence from typing import cast from django.conf import settings @@ -19,20 +17,3 @@ def get_settings() -> Base: Still better than hoping that Django settings will contain our settings. """ return cast(Base, settings) - - -def populate_production_middleware(middleware: Sequence[str]) -> Iterable[str]: - """Remove CORS middleware. No idea why we should do that.""" - csrf_middleware = "django.middleware.csrf.CsrfViewMiddleware" - gzip_middleware = "django.middleware.gzip.GZipMiddleware" - disable_csrf = "DISABLE_CSRF_PROTECTION" in os.environ - for m in middleware: - if m == csrf_middleware and disable_csrf: - yield "projectify.middleware.DisableCSRFMiddleware" - continue - elif m == gzip_middleware: - # Yield white noise *after* gzip - yield m - yield "whitenoise.middleware.WhiteNoiseMiddleware" - else: - yield m diff --git a/backend/projectify/settings/production.py b/backend/projectify/settings/production.py index 3bf920ed1..15ecacdf3 100644 --- a/backend/projectify/settings/production.py +++ b/backend/projectify/settings/production.py @@ -7,8 +7,6 @@ import warnings from pathlib import Path -from projectify.lib.settings import populate_production_middleware - from .base import Base @@ -82,12 +80,6 @@ class Production(Base): }, } - # Disable CSRF protection - # TODO override this in a cleaner way - # XXX actually, I don't know why we have it in the first place, - # and at this point I am afraid to ask. - MIDDLEWARE = list(populate_production_middleware(Base.MIDDLEWARE)) - CSRF_COOKIE_DOMAIN = os.getenv("CSRF_COOKIE_DOMAIN", None) # Stripe