From f3b0d0dce0097e168094cd201ba3976a51c1f760 Mon Sep 17 00:00:00 2001
From: yuetsh <517252939@qq.com>
Date: Mon, 3 Mar 2025 09:18:48 +0800
Subject: [PATCH] fix

---
 api/settings.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/api/settings.py b/api/settings.py
index 1d76487..7351483 100644
--- a/api/settings.py
+++ b/api/settings.py
@@ -24,10 +24,12 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.environ.get("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
-
-ALLOWED_HOSTS = ["webpreviewapi.xuyue.cc", "localhost", "127.0.0.1"]
+DEBUG = os.environ.get("ENV") != "production"
 
+if DEBUG:
+    ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
+else:
+    ALLOWED_HOSTS = ["webapi.xuyue.cc"]
 
 # Application definition
 
@@ -130,9 +132,9 @@ DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
 
 AUTH_USER_MODEL = "account.User"
 
-CORS_ALLOWED_ORIGINS = [
-    "http://localhost:3000",
-    "http://localhost:8081",
-    "https://web.xuyue.cc",
-]
+if DEBUG:
+    CORS_ALLOWED_ORIGINS = ["http://localhost:3000"]
+else:
+    CORS_ALLOWED_ORIGINS = ["https://web.xuyue.cc"]
+
 CORS_ALLOW_CREDENTIALS = True