From e2f8efb521abef0f67277baacade9dbfee16bc9f Mon Sep 17 00:00:00 2001
From: Karl
Date: Fri, 8 Sep 2023 12:29:06 -0700
Subject: [PATCH 1/2] Update settings.py

Add deprecation notice for `CORS_ORIGIN_ALLOW_ALL` and auto switch to `CORS_ALLOW_ALL_ORIGINS`
---
 recipes/settings.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/recipes/settings.py b/recipes/settings.py
index 9a36bfc19..26639189d 100644
--- a/recipes/settings.py
+++ b/recipes/settings.py
@@ -68,7 +68,11 @@ ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS').split(
 if os.getenv('CSRF_TRUSTED_ORIGINS'):
     CSRF_TRUSTED_ORIGINS = os.getenv('CSRF_TRUSTED_ORIGINS').split(',')
 
-CORS_ORIGIN_ALLOW_ALL = True
+if CORS_ORIGIN_ALLOW_ALL := os.getenv('CORS_ORIGIN_ALLOW_ALL') is not None:
+    print('DEPRECATION WARNING: Environment var "CORS_ORIGIN_ALLOW_ALL" is deprecated. Please use "CORS_ALLOW_ALL_ORIGINS."')
+    CORS_ALLOW_ALL_ORIGINS = CORS_ORIGIN_ALLOW_ALL
+else:
+    CORS_ALLOW_ALL_ORIGINS = bool(int(os.getenv("CORS_ALLOW_ALL_ORIGINS", True)))
 
 LOGIN_REDIRECT_URL = "index"
 LOGOUT_REDIRECT_URL = "index"

From 9b6ed7a63acff92df2293304e99da87e1449c0e1 Mon Sep 17 00:00:00 2001
From: Karl
Date: Fri, 8 Sep 2023 12:31:46 -0700
Subject: [PATCH 2/2] Update .env.template

Add option for CSRF_TRUSTED_ORIGINS for better discoverability.
Add options for newly added CORS_ALLOW_ALL_ORIGINS for discoverability as well as flexibility.
---
 .env.template | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.env.template b/.env.template
index 5c4370fe1..3b519f2c6 100644
--- a/.env.template
+++ b/.env.template
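Review bot: The walrus line binds `CORS_ORIGIN_ALLOW_ALL` to the result of `is not None` rather than to the variable's value, because `:=` has lower precedence than the comparison; the assignment on the next added line therefore sets `CORS_ALLOW_ALL_ORIGINS = True` whenever the deprecated variable is present at all, so `CORS_ORIGIN_ALLOW_ALL=0` still allows every origin. Parenthesize the assignment and parse the value the same way the `else` branch does: `if (CORS_ORIGIN_ALLOW_ALL := os.getenv('CORS_ORIGIN_ALLOW_ALL')) is not None:` and `CORS_ALLOW_ALL_ORIGINS = bool(int(CORS_ORIGIN_ALLOW_ALL))`. The bare `print` would be more conventional as `warnings.warn(...)` so the notice is routed with the other startup diagnostics. Both branches keep the permissive default (all origins allowed) when neither variable is set, which matches the removed line but deserves a one-line comment above the block stating that `0` is the value that turns it off.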
@@ -13,6 +13,14 @@ DEBUG_TOOLBAR=0
 # hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
 ALLOWED_HOSTS=*
 
+# Cross Site Request Forgery protection
+# (https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS)
+# CSRF_TRUSTED_ORIGINS = []
+
+# Cross Origin Resource Sharing
+# (https://github.com/adamchainz/django-cors-header)
+# CORS_ALLOW_ALL_ORIGINS = True
+
 # random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
 # ---------------------------- REQUIRED -------------------------
 SECRET_KEY=
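Review bot: The commented examples do not match how settings.py reads these variables: `CSRF_TRUSTED_ORIGINS` is split on commas and `CORS_ALLOW_ALL_ORIGINS` is passed through `int()`, so uncommenting `# CSRF_TRUSTED_ORIGINS = []` as written would produce a literal `[]` origin (possibly with the surrounding spaces, depending on the dotenv parser) and `CORS_ALLOW_ALL_ORIGINS = True` would raise ValueError at startup. Use the same shape as the other entries in this file, e.g. `# CSRF_TRUSTED_ORIGINS=https://recipes.mydomain.com` and `# CORS_ALLOW_ALL_ORIGINS=1`, and add a short comment that `0` disables the allow-all behaviour, which is otherwise the default when the variable is unset. The link appears to name the project "django-cors-header"; the package is django-cors-headers, so the URL may not resolve as given.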