refactor: Strengthen security regarding debug, csrf, cors

backoffice/settings/base.py

@@ -125,3 +125,13 @@
 # https://docs.djangoproject.com/en/5.1/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost:8000",
+    "http://127.0.0.1:8000",
+]
+
+CORS_ALLOWED_ORIGINS = [
+    "http://localhost:8000",
+    "http://127.0.0.1:8000",
+]

backoffice/settings/local.py

@@ -5,9 +5,4 @@
     "localhost",
 ]
 
-CSRF_TRUSTED_ORIGINS = [
-    "http://localhost:8000",
-    "http://127.0.0.1:8000",
-]
-
 CORS_ALLOW_ALL_ORIGINS = True

backoffice/settings/prod.py

@@ -4,12 +4,4 @@
 
 ALLOWED_HOSTS = ["*"]  # TODO: 추후 도메인 설정 후 변경
 
-CSRF_TRUSTED_ORIGINS = [
-    "http://localhost:8000",
-    "http://127.0.0.1:8000",
-]  # TODO: 추후 도메인 설정 후 변경
-
-CORS_ALLOWED_ORIGINS = [
-    "http://localhost:8000",
-    "http://127.0.0.1:8000",
-]  # TODO: 추후 도메인 설정 후 변경
+# TODO: 추후 도메인 설정 후 CSRF_TRUSTED_ORIGINS, CORS_ALLOWED_ORIGINS에 추가

backoffice/urls.py

@@ -15,10 +15,17 @@
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 
-from debug_toolbar.toolbar import debug_toolbar_urls
+from django.conf import settings
 from django.contrib import admin
-from django.urls import path
+from django.urls import include, path
 
 urlpatterns = [
     path("admin/", admin.site.urls),
-] + debug_toolbar_urls()
+]
+
+if settings.DEBUG:
+    import debug_toolbar
+
+    urlpatterns += [
+        path("__debug__/", include(debug_toolbar.urls)),
+    ]