From dd554ee7b5ff2fbfcb35aaebe2ee3018419a9b84 Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <jstretch@digitalocean.com>
Date: Thu, 20 Jun 2019 09:48:34 -0400
Subject: [PATCH] Updated django-cors-headers to v3.0.2

---
 CHANGELOG.md                            | 5 +++++
 docs/configuration/optional-settings.md | 8 +++++++-
 netbox/netbox/configuration.example.py  | 2 +-
 requirements.txt                        | 2 +-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9fe5ebc7d..8fc3461c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -160,6 +160,11 @@ lives in the `extras` app and thus any permissions that you may have configured
 to now use "Extras | Tag." Also note that the admin interface for tags has been removed as it was redundant to the
 functionality provided by the front end UI.
 
+### CORS_ORIGIN_WHITELIST Requires URI Scheme
+
+If you have the `CORS_ORIGIN_WHITELIST` configuration parameter defined, note that each origin must now incldue a URI
+scheme. This change was introuced in django-cors-headers 3.0.
+
 ## Enhancements
 
 * [#166](https://github.com/digitalocean/netbox/issues/166) - Add `dns_name` field to IPAddress
diff --git a/docs/configuration/optional-settings.md b/docs/configuration/optional-settings.md
index efa753d7b..4ebb56290 100644
--- a/docs/configuration/optional-settings.md
+++ b/docs/configuration/optional-settings.md
@@ -72,7 +72,13 @@ If True, cross-origin resource sharing (CORS) requests will be accepted from all
 
 ## CORS_ORIGIN_REGEX_WHITELIST
 
-These settings specify a list of origins that are authorized to make cross-site API requests. Use `CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.)
+These settings specify a list of origins that are authorized to make cross-site API requests. Use `CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.) For example:
+
+```
+CORS_ORIGIN_WHITELIST = [
+    'https://example.com',
+]
+```
 
 ---
 
diff --git a/netbox/netbox/configuration.example.py b/netbox/netbox/configuration.example.py
index 0de3e199e..ebc3d4540 100644
--- a/netbox/netbox/configuration.example.py
+++ b/netbox/netbox/configuration.example.py
@@ -72,7 +72,7 @@ CHANGELOG_RETENTION = 90
 # CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
 CORS_ORIGIN_ALLOW_ALL = False
 CORS_ORIGIN_WHITELIST = [
-    # 'hostname.example.com',
+    # 'https://hostname.example.com',
 ]
 CORS_ORIGIN_REGEX_WHITELIST = [
     # r'^(https?://)?(\w+\.)?example\.com$',
diff --git a/requirements.txt b/requirements.txt
index 568e96e0d..5b657f809 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 Django>=2.2,<2.3
 django-cacheops==4.1
-django-cors-headers==2.5.3
+django-cors-headers==3.0.2
 django-debug-toolbar==1.11
 django-filter==2.1.0
 django-mptt==0.9.1