Changed approach from CORS to a templating change

src/registrar/config/settings.py

@@ -290,7 +290,7 @@ CSP_DEFAULT_SRC = allowed_sources
 # Most things fall back to default-src, but these two do not and should be
 # explicitly set
 CSP_FRAME_ANCESTORS = allowed_sources
-CSP_FORM_ACTION = ("'self'", "https://idp.int.identitysandbox.gov/openid_connect/logout")
+CSP_FORM_ACTION = allowed_sources
 
 
 # Content-Length header is set by django.middleware.common.CommonMiddleware

src/registrar/config/urls.py

@@ -46,9 +46,9 @@ for step, view in [
 urlpatterns = [
     path("", views.index, name="home"),
     path(
-            "admin/logout/",
-            RedirectView.as_view(pattern_name="logout", permanent=False),
-        ),
+        "admin/logout/",
+        RedirectView.as_view(pattern_name="logout", permanent=False),
+    ),
     path("admin/", admin.site.urls),
     path(
         "application/<id>/edit/",
@@ -118,7 +118,9 @@ urlpatterns = [
     ),
 ]
 
-
+# What is the purpose of this?
+# This behaviour gets overwritten, so this doesn't do anything...
+# Login in particular
 if not settings.DEBUG:
     urlpatterns += [
         # redirect to login.gov

src/registrar/templates/admin/base_site.html

@@ -13,5 +13,20 @@
   {% include "admin/color_theme_toggle.html" %}
 {% endif %}
 {% endblock %}
-
+{% block userlinks %}
+  {% if site_url %}
+      <a href="{{ site_url }}">View site</a> /
+  {% endif %}
+  {% if user.is_active and user.is_staff %}
+      {% url 'django-admindocs-docroot' as docsroot %}
+      {% if docsroot %}
+          <a href="{{ docsroot }}">Documentation</a> /
+      {% endif %}
+  {% endif %}
+  {% if user.has_usable_password %}
+  <a href="{% url 'admin:password_change' %}">Change password</a> /
+  {% endif %}
+  <a href="{% url 'admin:logout' %}" id="admin-logout-button">Log out</a>
+  {% include "admin/color_theme_toggle.html" %}
+ {% endblock %}
 {% block nav-global %}{% endblock %}