django-cfg 1.2.20__py3-none-any.whl → 1.2.21__py3-none-any.whl

django_cfg/__init__.py

@@ -32,7 +32,7 @@ Example:
 default_app_config = "django_cfg.apps.DjangoCfgConfig"
 
 # Version information
-__version__ = "1.2.20"
+__version__ = "1.2.21"
 __license__ = "MIT"
 
 # Import registry for organized lazy loading

django_cfg/apps/maintenance/admin/site_admin.py

@@ -73,6 +73,7 @@ class CloudflareSiteAdmin(ModelAdmin):
         'status_display',
         'name', 
         'domain',
+        'subdomain_config_badge',
         'maintenance_badge',
         'active_badge',
         'last_maintenance_at',
@@ -102,6 +103,10 @@ class CloudflareSiteAdmin(ModelAdmin):
         ('Basic Information', {
             'fields': ['name', 'domain']
         }),
+        ('Subdomain Configuration', {
+            'fields': ['include_subdomains', 'subdomain_list'],
+            'description': 'Configure which subdomains should be affected by maintenance mode'
+        }),
         ('Cloudflare Configuration', {
             'fields': ['zone_id', 'account_id', 'api_key'],
             'classes': ['collapse']
@@ -141,6 +146,32 @@ class CloudflareSiteAdmin(ModelAdmin):
     # Display methods
     
     @display(description="Status")
+    @display(description="Subdomains", ordering='include_subdomains')
+    def subdomain_config_badge(self, obj: CloudflareSite) -> str:
+        """Display subdomain configuration with badge."""
+        config = obj.get_subdomain_display()
+        
+        if obj.include_subdomains:
+            # All subdomains
+            badge_class = "badge-success"
+            icon = "🌐"
+        elif obj.subdomain_list.strip():
+            # Specific subdomains
+            badge_class = "badge-warning"  
+            icon = "📋"
+        else:
+            # Root only
+            badge_class = "badge-secondary"
+            icon = "🏠"
+        
+        return format_html(
+            '<span class="badge {}" title="{}">{} {}</span>',
+            badge_class,
+            config,
+            icon,
+            "All" if obj.include_subdomains else ("List" if obj.subdomain_list.strip() else "Root")
+        )
+    
     def status_display(self, obj: CloudflareSite) -> str:
         """Display status with emoji."""
         if obj.maintenance_active:
@@ -299,6 +330,7 @@ class CloudflareSiteAdmin(ModelAdmin):
     
     @action(
         description="🔄 Sync with Cloudflare",
+        url_path="sync-cloudflare",
         icon="refresh",
         variant=ActionVariant.INFO
     )
@@ -310,15 +342,20 @@ class CloudflareSiteAdmin(ModelAdmin):
                 messages.error(request, "Site not found.")
                 return redirect(request.META.get('HTTP_REFERER', '/admin/'))
             
-            # Use SiteSyncService for site synchronization
-            from ..services import SiteSyncService
-            sync_service = SiteSyncService(site.api_key)
-            sync_service.sync_zones()
+            # Use convenience function for single site sync
+            from ..services import sync_site_from_cloudflare
+            log_entry = sync_site_from_cloudflare(site)
             
-            messages.success(
-                request, 
-                f"Site '{site.name}' has been synchronized with Cloudflare."
-            )
+            if log_entry.status == log_entry.Status.SUCCESS:
+                messages.success(
+                    request, 
+                    f"Site '{site.name}' has been synchronized with Cloudflare."
+                )
+            else:
+                messages.error(
+                    request,
+                    f"Failed to sync site '{site.name}': {log_entry.error_message}"
+                )
             
         except Exception as e:
             messages.error(request, f"Failed to sync site: {str(e)}")
@@ -327,6 +364,7 @@ class CloudflareSiteAdmin(ModelAdmin):
     
     @action(
         description="🔧 Enable Maintenance",
+        url_path="enable-maintenance",
         icon="build",
         variant=ActionVariant.WARNING
     )
@@ -350,6 +388,7 @@ class CloudflareSiteAdmin(ModelAdmin):
     
     @action(
         description="✅ Disable Maintenance",
+        url_path="disable-maintenance",
         icon="check_circle",
         variant=ActionVariant.SUCCESS
     )

django_cfg/apps/maintenance/migrations/0003_cloudflaresite_include_subdomains_and_more.py

@@ -0,0 +1,27 @@
+# Generated by Django 5.2.6 on 2025-09-23 09:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("maintenance", "0002_cloudflaresite_maintenance_url"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="cloudflaresite",
+            name="include_subdomains",
+            field=models.BooleanField(
+                default=True, help_text="Apply maintenance rules to all subdomains (*.domain.com)"
+            ),
+        ),
+        migrations.AddField(
+            model_name="cloudflaresite",
+            name="subdomain_list",
+            field=models.TextField(
+                blank=True,
+                help_text="Comma-separated list of specific subdomains to include (e.g., api,www,app)",
+            ),
+        ),
+    ]

django_cfg/apps/maintenance/models/cloudflare_site.py

@@ -29,6 +29,16 @@ class CloudflareSite(models.Model):
         help_text="Domain name (e.g., vamcar.com)"
     )
     
+    # Subdomains configuration
+    include_subdomains = models.BooleanField(
+        default=True,
+        help_text="Apply maintenance rules to all subdomains (*.domain.com)"
+    )
+    subdomain_list = models.TextField(
+        blank=True,
+        help_text="Comma-separated list of specific subdomains to include (e.g., api,www,app)"
+    )
+    
     # Cloudflare IDs (auto-discovered during sync)
     zone_id = models.CharField(
         max_length=32,
@@ -106,6 +116,37 @@ class CloudflareSite(models.Model):
             # Default maintenance page with site parameter
             return get_maintenance_url(self.domain)
     
+    def get_domain_patterns(self) -> list[str]:
+        """Get list of domain patterns for Page Rules based on subdomain configuration."""
+        patterns = []
+        
+        if self.include_subdomains:
+            # Include all subdomains with wildcard
+            patterns.append(f"*{self.domain}/*")
+            # Also include root domain explicitly
+            patterns.append(f"{self.domain}/*")
+        else:
+            # Only root domain
+            patterns.append(f"{self.domain}/*")
+            
+            # Add specific subdomains if specified
+            if self.subdomain_list.strip():
+                subdomains = [sub.strip() for sub in self.subdomain_list.split(',') if sub.strip()]
+                for subdomain in subdomains:
+                    patterns.append(f"{subdomain}.{self.domain}/*")
+        
+        return patterns
+    
+    def get_subdomain_display(self) -> str:
+        """Get human-readable subdomain configuration."""
+        if self.include_subdomains:
+            return f"All subdomains (*.{self.domain})"
+        elif self.subdomain_list.strip():
+            subdomains = [sub.strip() for sub in self.subdomain_list.split(',') if sub.strip()]
+            return f"Specific: {', '.join(subdomains)}.{self.domain}"
+        else:
+            return f"Root domain only ({self.domain})"
+    
     def clean(self) -> None:
         """Validate model data."""
         super().clean()

django_cfg/apps/maintenance/services/maintenance_service.py

@@ -142,36 +142,87 @@ class MaintenanceService:
     
     @retry_on_failure(max_retries=3, base_delay=1.0)
     def _create_maintenance_page_rule(self) -> Dict[str, Any]:
-        """Create Page Rule to redirect all traffic to maintenance page."""
+        """Create Page Rules to redirect all traffic to maintenance page (including subdomains)."""
         maintenance_url = self.site.get_maintenance_url()
-        pattern = f"{self.site.domain}/*"
+        patterns = self.site.get_domain_patterns()
         
-        logger.info(f"Creating page rule: {pattern} → {maintenance_url}")
+        logger.info(f"Creating page rules for {self.site.domain}: {patterns} → {maintenance_url}")
         
-        response = self.client.page_rules.create(
+        # First, check if conflicting Page Rules already exist and delete them
+        try:
+            existing_rules = self.client.page_rules.list(zone_id=self.site.zone_id)
+            
+            # Handle different API response formats
+            if hasattr(existing_rules, 'result'):
+                rules = existing_rules.result
+            else:
+                rules = existing_rules
+            
+            # Look for conflicting rules with same patterns
+            for rule in rules:
+                if (hasattr(rule, 'targets') and rule.targets and 
+                    len(rule.targets) > 0 and 
+                    hasattr(rule.targets[0], 'constraint') and 
+                    hasattr(rule.targets[0].constraint, 'value')):
+                    
+                    rule_pattern = rule.targets[0].constraint.value
+                    if rule_pattern in patterns:
+                        logger.info(f"Found conflicting page rule {rule.id} with pattern {rule_pattern}, deleting...")
+                        self.client.page_rules.delete(
             zone_id=self.site.zone_id,
-            targets=[{
-                "target": "url",
-                "constraint": {
-                    "operator": "matches",
-                    "value": pattern
-                }
-            }],
-            actions=[{
-                "id": "forwarding_url",
-                "value": {
-                    "url": maintenance_url,
-                    "status_code": 302
-                }
-            }],
-            status="active"
-        )
-        return response.model_dump()
+                            pagerule_id=rule.id
+                        )
+                        logger.info(f"Deleted conflicting page rule {rule.id}")
+                    
+        except Exception as e:
+            logger.warning(f"Error checking existing page rules: {e}")
+            # Continue with creation anyway
+        
+        # Create Page Rules for each pattern
+        created_rules = []
+        for pattern in patterns:
+            try:
+                logger.info(f"Creating page rule: {pattern} → {maintenance_url}")
+                response = self.client.page_rules.create(
+                    zone_id=self.site.zone_id,
+                    targets=[{
+                        "target": "url",
+                        "constraint": {
+                            "operator": "matches",
+                            "value": pattern
+                        }
+                    }],
+                    actions=[{
+                        "id": "forwarding_url",
+                        "value": {
+                            "url": maintenance_url,
+                            "status_code": 302
+                        }
+                    }],
+                    status="active"
+                )
+                created_rules.append({
+                    "pattern": pattern,
+                    "rule_id": response.id if hasattr(response, 'id') else 'unknown',
+                    "response": response.model_dump()
+                })
+                logger.info(f"Created page rule for pattern {pattern}")
+                
+            except Exception as e:
+                logger.error(f"Failed to create page rule for pattern {pattern}: {e}")
+                # Continue with other patterns
+        
+        return {
+            "success": True,
+            "patterns": patterns,
+            "created_rules": created_rules,
+            "total_rules": len(created_rules)
+        }
     
     @retry_on_failure(max_retries=3, base_delay=1.0)
     def _delete_maintenance_page_rule(self) -> Dict[str, Any]:
-        """Delete maintenance Page Rule with retry logic."""
-        # Find the maintenance page rule
+        """Delete maintenance Page Rules with retry logic (including subdomains)."""
+        # Find the maintenance page rules
         page_rules_response = self.client.page_rules.list(zone_id=self.site.zone_id)
         
         # Handle different API response formats
@@ -180,37 +231,75 @@ class MaintenanceService:
         else:
             page_rules = page_rules_response
         
-        maintenance_pattern = f"{self.site.domain}/*"
+        patterns = self.site.get_domain_patterns()
         maintenance_url = self.site.get_maintenance_url()
         
-        logger.info(f"Looking for page rule to delete: pattern={maintenance_pattern}, url={maintenance_url}")
+        logger.info(f"Looking for page rules to delete: patterns={patterns}, url={maintenance_url}")
         logger.info(f"Found {len(page_rules)} page rules total")
         
+        deleted_rules = []
+        
         for rule in page_rules:
             logger.info(f"Checking rule {rule.id}: targets={getattr(rule, 'targets', None)}, actions={getattr(rule, 'actions', None)}")
             
-            # Simple check - look for forwarding_url action with maintenance URL
-            if (hasattr(rule, 'actions') and rule.actions and 
+            # Check if this rule matches our maintenance patterns
+            rule_matches = False
+            
+            # Check by pattern
+            if (hasattr(rule, 'targets') and rule.targets and 
+                len(rule.targets) > 0 and 
+                hasattr(rule.targets[0], 'constraint') and 
+                hasattr(rule.targets[0].constraint, 'value')):
+                
+                rule_pattern = rule.targets[0].constraint.value
+                if rule_pattern in patterns:
+                    rule_matches = True
+                    logger.info(f"Rule {rule.id} matches pattern: {rule_pattern}")
+            
+            # Also check by URL (fallback for older rules)
+            if not rule_matches and (hasattr(rule, 'actions') and rule.actions and 
                 len(rule.actions) > 0 and 
                 hasattr(rule.actions[0], 'id') and 
                 rule.actions[0].id == "forwarding_url"):
                 
-                # Check if URL contains maintenance.reforms.ai
                 action_value = getattr(rule.actions[0], 'value', {})
                 action_url = getattr(action_value, 'url', '')
                 
                 logger.info(f"Found forwarding rule with URL: {action_url}")
                 
-                if "maintenance.reforms.ai" in action_url:
+                if ("maintenance.reforms.ai" in action_url or 
+                    "djangocfg.com/maintenance" in action_url):
+                    rule_matches = True
+                    logger.info(f"Rule {rule.id} matches maintenance URL")
+            
+            # Delete matching rule
+            if rule_matches:
+                try:
                     logger.info(f"Deleting maintenance page rule: {rule.id}")
                     response = self.client.page_rules.delete(
                         zone_id=self.site.zone_id,
                         pagerule_id=rule.id
                     )
-                    return response.model_dump()
+                    deleted_rules.append({
+                        "rule_id": rule.id,
+                        "pattern": getattr(rule.targets[0].constraint, 'value', 'unknown') if hasattr(rule, 'targets') and rule.targets else 'unknown',
+                        "response": response.model_dump()
+                    })
+                    logger.info(f"Successfully deleted page rule: {rule.id}")
+                    
+                except Exception as e:
+                    logger.error(f"Failed to delete page rule {rule.id}: {e}")
         
-        logger.warning(f"No maintenance page rule found for {self.site.domain}")
-        return {"success": True, "message": "No page rule to delete"}
+        if deleted_rules:
+            logger.info(f"Deleted {len(deleted_rules)} maintenance page rules for {self.site.domain}")
+            return {
+                "success": True,
+                "deleted_rules": deleted_rules,
+                "total_deleted": len(deleted_rules)
+            }
+        else:
+            logger.warning(f"No maintenance page rules found for {self.site.domain}")
+            return {"success": True, "message": "No page rules to delete"}
     
 
 

django_cfg/apps/maintenance/services/site_sync_service.py

@@ -68,6 +68,7 @@ class SiteSyncService:
             logger.error(f"Failed to discover zones: {e}")
             raise CloudflareRetryError(f"Zone discovery failed: {e}")
     
+    
     def sync_zones(self, 
                    force_update: bool = False,
                    dry_run: bool = False) -> Dict[str, Any]:
@@ -163,9 +164,18 @@ class SiteSyncService:
                         'changes': self._get_site_changes(site, zone_data)
                     }
                 else:
-                    # Update existing site
+                    # Update existing site - preserve subdomain settings
                     site.domain = domain
                     site.account_id = zone_data.get('account_id', site.account_id)
+                    
+                    # Ensure subdomain fields are not reset to None during sync
+                    if site.include_subdomains is None:
+                        site.include_subdomains = True
+                    if site.subdomain_list is None:
+                        site.subdomain_list = ''
+                    if site.maintenance_url is None:
+                        site.maintenance_url = ''
+                    
                     site.save()
                     
                     # Log the sync
@@ -195,14 +205,18 @@ class SiteSyncService:
                     'zone_data': zone_data
                 }
             else:
-                # Create new site
+                # Create new site with default subdomain settings
                 site = CloudflareSite.objects.create(
                     name=self._generate_site_name(domain),
                     domain=domain,
                     zone_id=zone_id,
                     account_id=zone_data.get('account_id', ''),
                     api_key=self.api_key,
-                    is_active=not zone_data.get('paused', False)
+                    is_active=not zone_data.get('paused', False),
+                    # Use default values from model
+                    include_subdomains=True,  # Default: include all subdomains
+                    subdomain_list='',       # Default: empty list
+                    maintenance_url=''       # Default: empty URL
                 )
                 
                 # Log the creation
@@ -274,9 +288,18 @@ class SiteSyncService:
                 'last_checked': timezone.now().isoformat()
             }
             
-            # Update site status
+            # Update site status - preserve subdomain settings
             site.maintenance_active = maintenance_active
             site.is_active = not zone.paused
+            
+            # Ensure subdomain fields are not reset to None during status update
+            if site.include_subdomains is None:
+                site.include_subdomains = True
+            if site.subdomain_list is None:
+                site.subdomain_list = ''
+            if site.maintenance_url is None:
+                site.maintenance_url = ''
+                
             site.save()
             
             return status_info
@@ -373,14 +396,36 @@ def sync_site_from_cloudflare(site: CloudflareSite) -> MaintenanceLog:
     """
     try:
         sync_service = SiteSyncService(site.api_key)
-        status_info = sync_service.check_site_status(site)
         
-        return MaintenanceLog.log_success(
-            site=site,
-            action=MaintenanceLog.Action.SYNC,
-            reason="Manual site sync",
-            cloudflare_response=status_info
-        )
+        # Perform full zone sync to update site data from Cloudflare
+        sync_result = sync_service.sync_zones(force_update=True)
+        
+        # Find the specific site result
+        site_result = None
+        for site_info in sync_result.get('sites', []):
+            if site_info.get('domain') == site.domain:
+                site_result = site_info
+                break
+        
+        response_data = {
+            'sync_result': sync_result,
+            'site_result': site_result
+        }
+        
+        if sync_result.get('errors', 0) == 0:
+            return MaintenanceLog.log_success(
+                site=site,
+                action=MaintenanceLog.Action.SYNC,
+                reason="Manual site sync - force update from Cloudflare",
+                cloudflare_response=response_data
+            )
+        else:
+            return MaintenanceLog.log_failure(
+                site=site,
+                action=MaintenanceLog.Action.SYNC,
+                error_message=f"Sync completed with {sync_result['errors']} errors",
+                cloudflare_response=response_data
+            )
         
     except Exception as e:
         return MaintenanceLog.log_failure(

django_cfg/core/config.py

@@ -97,7 +97,7 @@ class DjangoConfig(BaseModel):
 
     model_config = {
         "validate_assignment": True,
-        "extra": "allow",  # Allow additional fields for extensibility
+        "extra": "forbid",  # Forbid arbitrary fields for type safety
         "env_prefix": "DJANGO_",
         "populate_by_name": True,
         "validate_default": True,
@@ -232,6 +232,24 @@ class DjangoConfig(BaseModel):
         description="Force SSL redirect on/off (None = auto based on domains and environment)",
     )
 
+    # === CORS Configuration ===
+    cors_allow_headers: List[str] = Field(
+        default_factory=lambda: [
+            "accept",
+            "accept-encoding", 
+            "authorization",
+            "content-type",
+            "dnt",
+            "origin",
+            "user-agent",
+            "x-csrftoken",
+            "x-requested-with",
+            "x-api-key",
+            "x-api-token",
+        ],
+        description="CORS allowed headers with common defaults for API usage",
+    )
+
     # === Services Configuration ===
     email: Optional[EmailConfig] = Field(
         default=None,
@@ -733,6 +751,7 @@ class DjangoConfig(BaseModel):
             return f"{self.site_url.rstrip('/')}/{path}"
         return self.site_url
 
+
     def invalidate_cache(self) -> None:
         """Invalidate cached Django settings to force regeneration."""
         self._django_settings = None

django_cfg/core/generation.py

@@ -242,7 +242,8 @@ class SettingsGenerator:
                     config.security_domains, 
                     config._environment, 
                     config.debug,
-                    config.ssl_redirect
+                    config.ssl_redirect,
+                    config.cors_allow_headers
                 )
                 settings.update(security_defaults)
 

django_cfg/management/commands/check_settings.py

@@ -43,6 +43,7 @@ class Command(BaseCommand):
         if options['verbose']:
             self.show_database_config()
             self.show_app_config()
+            self.show_cors_config()
         
         if options['email_test']:
             self.test_email_connection()
@@ -141,6 +142,59 @@ class Command(BaseCommand):
         if not cfg_apps:
             self.stdout.write("  ❌ No django_cfg apps found")
 
+    def show_cors_config(self):
+        """Show CORS and security configuration."""
+        self.stdout.write(self.style.SUCCESS("\n🌐 CORS & Security Configuration:"))
+        
+        # Get current config
+        try:
+            from django_cfg.core.config import get_current_config
+            config = get_current_config()
+            
+            if config:
+                self.stdout.write(f"  📋 Security Domains: {config.security_domains}")
+                self.stdout.write(f"  🔗 CORS Headers: {config.cors_allow_headers}")
+                self.stdout.write(f"  🔒 SSL Redirect: {config.ssl_redirect}")
+            else:
+                self.stdout.write("  ⚠️  No django-cfg config instance found")
+                
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"  ❌ Error getting config: {e}"))
+        
+        # Show Django settings
+        cors_settings = {
+            'CORS_ALLOW_ALL_ORIGINS': getattr(settings, 'CORS_ALLOW_ALL_ORIGINS', None),
+            'CORS_ALLOWED_ORIGINS': getattr(settings, 'CORS_ALLOWED_ORIGINS', None),
+            'CORS_ALLOW_CREDENTIALS': getattr(settings, 'CORS_ALLOW_CREDENTIALS', None),
+            'CORS_ALLOW_HEADERS': getattr(settings, 'CORS_ALLOW_HEADERS', None),
+            'CSRF_TRUSTED_ORIGINS': getattr(settings, 'CSRF_TRUSTED_ORIGINS', None),
+        }
+        
+        self.stdout.write("\n  🔧 Generated Django Settings:")
+        for key, value in cors_settings.items():
+            if value is not None:
+                icon = "✅"
+                if key == 'CORS_ALLOW_HEADERS' and isinstance(value, list):
+                    # Show first few headers for readability
+                    display_value = value[:3] + ['...'] if len(value) > 3 else value
+                    self.stdout.write(f"  {icon} {key}: {display_value} ({len(value)} total)")
+                elif key in ['CORS_ALLOWED_ORIGINS', 'CSRF_TRUSTED_ORIGINS'] and isinstance(value, list):
+                    self.stdout.write(f"  {icon} {key}: {value}")
+                else:
+                    self.stdout.write(f"  {icon} {key}: {value}")
+            else:
+                self.stdout.write(f"  ⭕ {key}: Not set")
+        
+        # Analysis
+        self.stdout.write("\n  📊 CORS Analysis:")
+        if cors_settings['CORS_ALLOW_ALL_ORIGINS']:
+            self.stdout.write("  🟡 Development mode: All origins allowed")
+        elif cors_settings['CORS_ALLOWED_ORIGINS']:
+            origins_count = len(cors_settings['CORS_ALLOWED_ORIGINS'])
+            self.stdout.write(f"  🟢 Production mode: {origins_count} specific origins allowed")
+        else:
+            self.stdout.write("  🔴 No CORS origins configured")
+
     def test_email_connection(self):
         """Test email connection."""
         self.stdout.write(self.style.SUCCESS("\n🧪 Testing Email Connection:"))

django_cfg/utils/smart_defaults.py

@@ -168,7 +168,8 @@ class SmartDefaults:
         domains: List[str],
         environment: Optional[str] = None,
         debug: bool = False,
-        ssl_redirect: Optional[bool] = None
+        ssl_redirect: Optional[bool] = None,
+        cors_allow_headers: Optional[List[str]] = None
     ) -> Dict[str, Any]:
         """
         Get security defaults based on environment and domains.
@@ -178,6 +179,7 @@ class SmartDefaults:
             environment: Current environment
             debug: Django DEBUG setting
             ssl_redirect: Force SSL redirect on/off (None = auto based on domains)
+            cors_allow_headers: Additional CORS headers to extend defaults
             
         Returns:
             Security settings dictionary
@@ -185,92 +187,23 @@ class SmartDefaults:
         try:
             settings = {}
             
-            # CORS settings
-            if domains:
-                if environment == "development" or debug:
-                    # Development: Allow all origins for convenience
-                    settings['CORS_ALLOW_ALL_ORIGINS'] = True
-                    settings['CORS_ALLOW_CREDENTIALS'] = True
-                    
-                    # For development, add ALL domains to CSRF trusted origins
-                    # This allows testing with production domains in dev environment
-                    csrf_trusted_origins = []
-                    for domain in domains:
-                        if domain.startswith(('localhost', '127.0.0.1', '0.0.0.0')):
-                            # Local domains: add HTTP with common ports
-                            csrf_trusted_origins.extend([
-                                f"http://{domain}",
-                                f"http://{domain}:8000",
-                                f"http://{domain}:3000",
-                            ])
-                        elif domain.endswith('.local'):
-                            # .local domains: add both HTTP and HTTPS
-                            csrf_trusted_origins.extend([
-                                f"http://{domain}",
-                                f"https://{domain}",
-                            ])
-                        else:
-                            # External domains: add HTTPS for dev testing with production domains
-                            csrf_trusted_origins.extend([
-                                f"https://{domain}",
-                                f"http://{domain}",  # Also HTTP for flexibility
-                            ])
-                    
-                    if csrf_trusted_origins:
-                        settings['CSRF_TRUSTED_ORIGINS'] = csrf_trusted_origins
-                else:
-                    # Production: Restrict to specified domains
-                    allowed_origins = []
-                    csrf_trusted_origins = []
-                    
-                    for domain in domains:
-                        # CORS origins - only add www for root domains
-                        allowed_origins.append(f"https://{domain}")
-                        
-                        # Only add www. for root domains (no subdomains)
-                        if '.' in domain and domain.count('.') == 1:
-                            allowed_origins.append(f"https://www.{domain}")
-                        
-                        # CSRF trusted origins (critical for HTTPS)
-                        csrf_trusted_origins.append(f"https://{domain}")
-                        
-                        # Only add www. for root domains (no subdomains)
-                        if '.' in domain and domain.count('.') == 1:
-                            csrf_trusted_origins.append(f"https://www.{domain}")
-                    
-                    settings['CORS_ALLOWED_ORIGINS'] = allowed_origins
-                    settings['CORS_ALLOW_CREDENTIALS'] = True
-                    
-                    # Set CSRF trusted origins for HTTPS domains
-                    if csrf_trusted_origins:
-                        settings['CSRF_TRUSTED_ORIGINS'] = csrf_trusted_origins
+            if not domains:
+                return settings
+            
+            is_dev = environment == "development" or debug
             
-            # Security headers for production
+            # Generate CORS settings
+            cors_settings = cls._generate_cors_settings(domains, is_dev, cors_allow_headers)
+            settings.update(cors_settings)
+            
+            # Generate CSRF trusted origins
+            csrf_settings = cls._generate_csrf_settings(domains, is_dev)
+            settings.update(csrf_settings)
+            
+            # Generate security headers for production
             if environment == "production":
-                settings.update({
-                    'SECURE_BROWSER_XSS_FILTER': True,
-                    'SECURE_CONTENT_TYPE_NOSNIFF': True,
-                    'SECURE_HSTS_SECONDS': 31536000,  # 1 year
-                    'SECURE_HSTS_INCLUDE_SUBDOMAINS': True,
-                    'SECURE_HSTS_PRELOAD': True,
-                    'X_FRAME_OPTIONS': 'DENY',
-                })
-                
-                # SSL settings - configurable or auto-detect based on domains
-                should_use_ssl = ssl_redirect if ssl_redirect is not None else bool(domains)
-                if should_use_ssl:
-                    settings.update({
-                        'SECURE_SSL_REDIRECT': True,
-                        'SESSION_COOKIE_SECURE': True,
-                        'CSRF_COOKIE_SECURE': True,
-                    })
-                elif ssl_redirect is False:
-                    # Explicitly disable SSL redirect
-                    settings.update({
-                        'SECURE_SSL_REDIRECT': False,
-                        'SESSION_COOKIE_SECURE': False,
-                        'CSRF_COOKIE_SECURE': False,
-                    })
+                security_headers = cls._generate_security_headers(domains, ssl_redirect)
+                settings.update(security_headers)
             
             return settings
             
@@ -284,6 +217,199 @@ class SmartDefaults:
                 }
             ) from e
     
+    @classmethod
+    def _generate_cors_settings(
+        cls,
+        domains: List[str],
+        is_dev: bool,
+        cors_allow_headers: Optional[List[str]] = None
+    ) -> Dict[str, Any]:
+        """Generate CORS-specific settings."""
+        settings = {
+            'CORS_ALLOW_CREDENTIALS': True,
+            'CORS_ALLOW_HEADERS': cls._get_cors_headers(cors_allow_headers)
+        }
+        
+        if is_dev:
+            # Development: Allow all origins for convenience
+            settings['CORS_ALLOW_ALL_ORIGINS'] = True
+        else:
+            # Production: Restrict to specified domains
+            settings['CORS_ALLOWED_ORIGINS'] = cls._build_allowed_origins(domains)
+        
+        return settings
+    
+    @classmethod
+    def _generate_csrf_settings(cls, domains: List[str], is_dev: bool) -> Dict[str, Any]:
+        """Generate CSRF trusted origins."""
+        if is_dev:
+            csrf_origins = cls._build_dev_csrf_origins(domains)
+        else:
+            csrf_origins = cls._build_prod_csrf_origins(domains)
+        
+        # Only return CSRF settings if we have origins to set
+        if csrf_origins:
+            return {'CSRF_TRUSTED_ORIGINS': csrf_origins}
+        
+        return {}
+    
+    @classmethod
+    def _generate_security_headers(
+        cls,
+        domains: List[str],
+        ssl_redirect: Optional[bool] = None
+    ) -> Dict[str, Any]:
+        """Generate security headers for production."""
+        settings = {
+            'SECURE_BROWSER_XSS_FILTER': True,
+            'SECURE_CONTENT_TYPE_NOSNIFF': True,
+            'SECURE_HSTS_SECONDS': 31536000,  # 1 year
+            'SECURE_HSTS_INCLUDE_SUBDOMAINS': True,
+            'SECURE_HSTS_PRELOAD': True,
+            'X_FRAME_OPTIONS': 'DENY',
+        }
+        
+        # SSL settings - configurable or auto-detect based on domains
+        should_use_ssl = ssl_redirect if ssl_redirect is not None else bool(domains)
+        
+        if should_use_ssl:
+            settings.update({
+                'SECURE_SSL_REDIRECT': True,
+                'SESSION_COOKIE_SECURE': True,
+                'CSRF_COOKIE_SECURE': True,
+            })
+        elif ssl_redirect is False:
+            # Explicitly disable SSL redirect
+            settings.update({
+                'SECURE_SSL_REDIRECT': False,
+                'SESSION_COOKIE_SECURE': False,
+                'CSRF_COOKIE_SECURE': False,
+            })
+        
+        return settings
+    
+    @classmethod
+    def _get_cors_headers(cls, cors_allow_headers: Optional[List[str]] = None) -> List[str]:
+        """
+        Get CORS headers with defaults extended by custom headers.
+        
+        Note: The default headers are defined in DjangoConfig.cors_allow_headers.
+        This method should be consistent with those defaults.
+        """
+        # Default headers - should match DjangoConfig.cors_allow_headers defaults
+        default_headers = [
+            "accept",
+            "accept-encoding", 
+            "authorization",
+            "content-type",
+            "dnt",
+            "origin",
+            "user-agent",
+            "x-csrftoken",
+            "x-requested-with",
+            "x-api-key",
+            "x-api-token",
+        ]
+        
+        if not cors_allow_headers:
+            return default_headers
+        
+        # Extend with custom headers and remove duplicates while preserving order
+        return cls._merge_headers(default_headers, cors_allow_headers)
+    
+    @classmethod
+    def _merge_headers(cls, default_headers: List[str], custom_headers: List[str]) -> List[str]:
+        """Merge header lists removing duplicates while preserving order."""
+        all_headers = default_headers + custom_headers
+        seen = set()
+        unique_headers = []
+        
+        for header in all_headers:
+            header_lower = header.lower()
+            if header_lower not in seen:
+                seen.add(header_lower)
+                unique_headers.append(header)
+        
+        return unique_headers
+    
+    @classmethod
+    def _build_allowed_origins(cls, domains: List[str]) -> List[str]:
+        """Build CORS allowed origins for production."""
+        allowed_origins = []
+        
+        for domain in domains:
+            # Add HTTPS version
+            allowed_origins.append(f"https://{domain}")
+            
+            # Add www. version if applicable
+            if cls._should_add_www_variant(domain):
+                allowed_origins.append(f"https://www.{domain}")
+        
+        return allowed_origins
+    
+    @classmethod
+    def _build_dev_csrf_origins(cls, domains: List[str]) -> List[str]:
+        """Build CSRF trusted origins for development."""
+        csrf_origins = []
+        
+        for domain in domains:
+            if domain.startswith(('localhost', '127.0.0.1', '0.0.0.0')):
+                # Local domains: add HTTP with common ports
+                csrf_origins.extend([
+                    f"http://{domain}",
+                    f"http://{domain}:8000",
+                    f"http://{domain}:3000",
+                ])
+            elif domain.endswith('.local'):
+                # .local domains: add both HTTP and HTTPS
+                csrf_origins.extend([
+                    f"http://{domain}",
+                    f"https://{domain}",
+                ])
+            else:
+                # External domains: add both for dev flexibility
+                csrf_origins.extend([
+                    f"https://{domain}",
+                    f"http://{domain}",
+                ])
+        
+        return csrf_origins
+    
+    @classmethod
+    def _build_prod_csrf_origins(cls, domains: List[str]) -> List[str]:
+        """Build CSRF trusted origins for production."""
+        csrf_origins = []
+        
+        for domain in domains:
+            # Add HTTPS version
+            csrf_origins.append(f"https://{domain}")
+            
+            # Add www. version if applicable
+            if cls._should_add_www_variant(domain):
+                csrf_origins.append(f"https://www.{domain}")
+        
+        return csrf_origins
+    
+    @classmethod
+    def _should_add_www_variant(cls, domain: str) -> bool:
+        """
+        Check if domain should get a www. variant added.
+        
+        Simple rule: add www. variant only if domain doesn't already start with www.
+        Let users handle complex subdomain logic themselves by providing exact domains they want.
+        
+        Examples:
+        - example.com -> True (add www.example.com)
+        - www.example.com -> False (already has www)
+        - api.example.com -> True (add www.api.example.com - let user decide)
+        - localhost -> False (no dot)
+        """
+        if not domain or '.' not in domain:
+            return False
+            
+        # Don't add www if domain already starts with www
+        return not domain.startswith('www.')
+    
     @classmethod
     def get_database_defaults(
         cls,

{django_cfg-1.2.20.dist-info → django_cfg-1.2.21.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-cfg
-Version: 1.2.20
+Version: 1.2.21
 Summary: 🚀 Next-gen Django configuration: type-safety, AI features, blazing-fast setup, and automated best practices — all in one.
 Project-URL: Homepage, https://djangocfg.com
 Project-URL: Documentation, https://docs.djangocfg.com

{django_cfg-1.2.20.dist-info → django_cfg-1.2.21.dist-info}/RECORD

@@ -1,5 +1,5 @@
 django_cfg/README.md,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-django_cfg/__init__.py,sha256=VOs7_35T5Qyz-XoqBFSELRGIybr1aoFgOIkYvoZU61g,1631
+django_cfg/__init__.py,sha256=hdpxqrMF75kn_Gpzz8jqS11Cb75Q3GoMd01Q6Mg6MyU,1631
 django_cfg/apps.py,sha256=k84brkeXJI7EgKZLEpTkM9YFZofKI4PzhFOn1cl9Msc,1656
 django_cfg/config.py,sha256=ME-JKaVzcdmaGhuc1YTkEWoMKSaUasNf1SBlNz-NfrM,1399
 django_cfg/urls.py,sha256=bpRFjMonQuk4UCUMxx4ueBX3YDNB7HXKFwEghQ3KR3o,793
@@ -214,7 +214,7 @@ django_cfg/apps/maintenance/admin/__init__.py,sha256=TqusqIrLX50xapmtOALAkJ0hN-9
 django_cfg/apps/maintenance/admin/api_key_admin.py,sha256=l6LiLlw3M64tVssq1PFlmvahLYiq1VS-jHYJdZMrCus,5990
 django_cfg/apps/maintenance/admin/log_admin.py,sha256=x0zAYGUXTckH2eS7wjW7bbGHSWlwqq1-jRz_UmSCoEI,4814
 django_cfg/apps/maintenance/admin/scheduled_admin.py,sha256=Tbkah4TB0mLNLe4uZLMhYDULKRA6mnTiS3Dm6-2SaYA,14957
-django_cfg/apps/maintenance/admin/site_admin.py,sha256=LAkUpcVWj6GUVtJP2jKA96YNIi9SCBSj49TRzPXBlR4,16216
+django_cfg/apps/maintenance/admin/site_admin.py,sha256=MMiDsO7-_t4yTYtPTnpe6GZ2zCY07xMOebKKA2D59OQ,17714
 django_cfg/apps/maintenance/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_cfg/apps/maintenance/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_cfg/apps/maintenance/management/commands/maintenance.py,sha256=I7ZpQEELSEC-itzK0U6G7HVrdtmpfHSN6ByTv4dc9pg,11557
@@ -225,17 +225,18 @@ django_cfg/apps/maintenance/managers/cloudflare_site_manager.py,sha256=Mr8_2u0wS
 django_cfg/apps/maintenance/managers/maintenance_log_manager.py,sha256=SEbEIy6yEWDHVtQAJE1fixU1nOown6ONPbWngKv878w,4736
 django_cfg/apps/maintenance/migrations/0001_initial.py,sha256=_TY5VA_f_ozqRRhAGADiuuU6Gd1GmM5JzOTWiEgVeFE,14757
 django_cfg/apps/maintenance/migrations/0002_cloudflaresite_maintenance_url.py,sha256=6-xOC2hsn2_TdrtB8k7wkrYJX4l3Vn6m780glGxNBHg,566
+django_cfg/apps/maintenance/migrations/0003_cloudflaresite_include_subdomains_and_more.py,sha256=uxhMhI9tEUjoZqbaOGRNM1Hu1hyYK1dI1kiVxytD2bM,820
 django_cfg/apps/maintenance/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_cfg/apps/maintenance/models/__init__.py,sha256=z8FpMPCBLAp8Ose2_fPSYhrbuHSI7tAtRbADwhd_hu4,1074
 django_cfg/apps/maintenance/models/cloudflare_api_key.py,sha256=B5pkZD9Gu_Z1XXek2VY-7SdeH0ZnXK5cKhxnaCWcv2k,3366
-django_cfg/apps/maintenance/models/cloudflare_site.py,sha256=YirWNZ63buvMAqHEFeC7Vc4vh7ukI5iHOdrE7XaJ5Mg,4030
+django_cfg/apps/maintenance/models/cloudflare_site.py,sha256=tMeaMSk4z-_NnxYbzrkjEwMkVGkfPm4TSgaZ0pLoRc8,5708
 django_cfg/apps/maintenance/models/maintenance_log.py,sha256=icqjQf37-EsjHWq8MsdgHHyuMNalH84R8f_z-BKIA2M,3922
 django_cfg/apps/maintenance/models/scheduled_maintenance.py,sha256=J8-8efqZsZh2FQoW3b1MtXcNeuWWr7UkScRUL_YdbGg,10368
 django_cfg/apps/maintenance/services/__init__.py,sha256=KdMiqVBVecJVzCh76j5ImRHa5qOLbZsyqY4ITmaCd0c,2584
 django_cfg/apps/maintenance/services/bulk_operations_service.py,sha256=O3FCYhIuSNW7PE-86aBmA7nxPtbflye9Qv3WCgQ9s-A,15039
-django_cfg/apps/maintenance/services/maintenance_service.py,sha256=MiHnDcTNAik-CWOJ_XWPsv14BZmUqVwQ46TUd6YrUzM,8641
+django_cfg/apps/maintenance/services/maintenance_service.py,sha256=oloMxhG2Ht6BQnMT3DNy1GQXfb1K9DqLdOeuQp42pV4,12830
 django_cfg/apps/maintenance/services/scheduled_maintenance_service.py,sha256=X9xP13B7OPUcMsl8G_U5zUPmni7pO2ru8osASCiZcfE,15218
-django_cfg/apps/maintenance/services/site_sync_service.py,sha256=F4k2NFz6dQp_sgyglFQUwyVItl_eC27uBXwLVt-5V7w,13712
+django_cfg/apps/maintenance/services/site_sync_service.py,sha256=ljtvGfq1eDqlegKjcbR9JeqsBGzpCONoNYBmwFzZNZk,15737
 django_cfg/apps/maintenance/utils/__init__.py,sha256=L6UhtM9MoN1L26-l9C_Nyjp8-S-EB5_VvtvcX_E0isc,221
 django_cfg/apps/maintenance/utils/retry_utils.py,sha256=O55jtdDf9om_QOf9rIAFt7ZEUeE5Ttq-KRLmSA9Bkps,4091
 django_cfg/apps/newsletter/README.md,sha256=cnNXnAUsCVtelMNGYc4a8qJsoiVb--J2OOSh_Jw8piA,3202
@@ -323,16 +324,16 @@ django_cfg/cli/commands/__init__.py,sha256=EKLXDAx-QttnGmdjsmVANAfhxWplxl2V_2I0S
 django_cfg/cli/commands/create_project.py,sha256=iuf965j8Yg7zxHcPb0GtFHEj73CYXC45ZJRmd6RbA9E,21025
 django_cfg/cli/commands/info.py,sha256=o4S1xPJSHv2oEVqmH0X9RTF5f-8Wy9579yHkyd_PC3E,4923
 django_cfg/core/__init__.py,sha256=eVK57qFOok9kTeHoNEMQ1BplkUOaQ7NB9kP9eQK1vg0,358
-django_cfg/core/config.py,sha256=Khn4-yrivGkovH06uUJ3_uen8lt3I54XMKT5lYk5l3Y,27636
+django_cfg/core/config.py,sha256=M7rH99nDErty-dT_oHezZOT6HOX8hokjJOubGGKHYZc,28132
 django_cfg/core/environment.py,sha256=MAoEPqIPsLVhSANT2Bz4nnus2wmbMW0RCOQxhQfDrDc,9106
 django_cfg/core/exceptions.py,sha256=RTQEoU3PfR8lqqNNv5ayd_HY2yJLs3eioqUy8VM6AG4,10378
-django_cfg/core/generation.py,sha256=zq6QZRyE8vS_fZVk2SbqHsCC_43DSvAUU4T1pMf8gSs,25374
+django_cfg/core/generation.py,sha256=Oa9bnEPsxwEaa0RP71zNl_z2p9NNljHnoCTeRu72X-0,25421
 django_cfg/core/integration.py,sha256=5kzkZSd45ij0rfrBdeNUYnDalObqvK__XpoP31xFYKo,5224
 django_cfg/core/validation.py,sha256=PhwDBTs24nuM3xqfIT3hXmN88VrhMT-Bk8Yb8FxjmPk,6590
 django_cfg/management/__init__.py,sha256=NrLAhiS59hqjy-bipOC1abNuRiNm5BpKXmjN05VzKbM,28
 django_cfg/management/commands/__init__.py,sha256=wc5DFEklUo-wB-6VAAmsV5UTbo5s3t936Lu61z4lojs,29
 django_cfg/management/commands/auto_generate.py,sha256=N5IiWYV5claV6gq2rMPB1UMgkH9GK-2gNtbX0IDy754,14195
-django_cfg/management/commands/check_settings.py,sha256=5dtYecXD1GEKGABDmZZBNp6NbBXAbasGwltOwe2GOaA,8757
+django_cfg/management/commands/check_settings.py,sha256=JyVhL4dLnFTXkkMMpSnLoibZ8mfOMPOJ6RXAcESg-74,11509
 django_cfg/management/commands/clear_constance.py,sha256=bSUhxEIKFLmXVilQGn3s9FZuldqDxDq9P9LmybZns_w,8043
 django_cfg/management/commands/create_token.py,sha256=beHtUTuyFZhG97F9vSkaX-u7tieAZW-C6pntujGw1C8,11796
 django_cfg/management/commands/generate.py,sha256=w0BF7IMftxNjxTxFuY8cw5pNKGW-LmTScJ8kZpxHu_8,4248
@@ -499,11 +500,11 @@ django_cfg/templatetags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG
 django_cfg/templatetags/django_cfg.py,sha256=11_3YX0jAVuOd_fVcDixAxyDMG4V7A98SPqv8Lbfpxc,1308
 django_cfg/utils/__init__.py,sha256=64wwXJuXytvwt8Ze_erSR2HmV07nGWJ6DV5wloRBvYE,435
 django_cfg/utils/path_resolution.py,sha256=C9As6p4Q9l3VeoVkFDRPQWGrzAWf8O8UxLVkaI3ToVM,13899
-django_cfg/utils/smart_defaults.py,sha256=b6A1z7VO1NJGq0oUQXN5P97c3k_Ssgw6qUi0mK-4TlM,19786
+django_cfg/utils/smart_defaults.py,sha256=MxbUZwn_xbh48li7uLI6W4D9WCD2P2WO48dv85Fra5E,23057
 django_cfg/utils/toolkit.py,sha256=Td8_iXNaftonF_xdZP4Y3uO65nuA_4_zditn5Q_Pfcw,23310
 django_cfg/utils/version_check.py,sha256=jI4v3YMdQriUEeb_TvRl511sDghy6I75iKRDUaNpucs,4800
-django_cfg-1.2.20.dist-info/METADATA,sha256=eTO1rvtvACRkkXDfByIoTkYjZvam54MMtG4NLzwO-J4,38434
-django_cfg-1.2.20.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-django_cfg-1.2.20.dist-info/entry_points.txt,sha256=Ucmde4Z2wEzgb4AggxxZ0zaYDb9HpyE5blM3uJ0_VNg,56
-django_cfg-1.2.20.dist-info/licenses/LICENSE,sha256=xHuytiUkSZCRG3N11nk1X6q1_EGQtv6aL5O9cqNRhKE,1071
-django_cfg-1.2.20.dist-info/RECORD,,
+django_cfg-1.2.21.dist-info/METADATA,sha256=eiujuJP0fSTNmByZnWkfR6nOvjzB2mPxZ-3BPtZNbjc,38434
+django_cfg-1.2.21.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+django_cfg-1.2.21.dist-info/entry_points.txt,sha256=Ucmde4Z2wEzgb4AggxxZ0zaYDb9HpyE5blM3uJ0_VNg,56
+django_cfg-1.2.21.dist-info/licenses/LICENSE,sha256=xHuytiUkSZCRG3N11nk1X6q1_EGQtv6aL5O9cqNRhKE,1071
+django_cfg-1.2.21.dist-info/RECORD,,