From 54d484493cfe997977345f25f459167ad8aeb7f8 Mon Sep 17 00:00:00 2001 From: Robert Sparks Date: Tue, 11 Sep 2018 20:04:35 +0000 Subject: [PATCH] Add CORS headers for the api and views that serve json. Fixes #2546, #2551, and #2552. Commit ready for merge. - Legacy-Id: 15448 --- ietf/settings.py | 8 ++++++++ requirements.txt | 1 + 2 files changed, 9 insertions(+) diff --git a/ietf/settings.py b/ietf/settings.py index a0a42fa14..e6c6cee23 100644 --- a/ietf/settings.py +++ b/ietf/settings.py @@ -343,6 +343,7 @@ if DEBUG: MIDDLEWARE = ( 'django.middleware.csrf.CsrfViewMiddleware', + 'corsheaders.middleware.CorsMiddleware', # see docs on CORS_REPLACE_HTTPS_REFERER before using it 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', @@ -382,6 +383,7 @@ INSTALLED_APPS = ( # External apps 'anora', 'bootstrap3', + 'corsheaders', 'django_markup', 'django_password_strength', 'djangobwr', @@ -455,6 +457,12 @@ BOOTSTRAP3 = { } +# CORS settings +# See https://github.com/ottoyiu/django-cors-headers/ +CORS_ORIGIN_ALLOW_ALL = True +CORS_ALLOW_METHODS = ( 'GET', 'OPTIONS', ) +CORS_URLS_REGEX = r'(^/api/.*|^.*json)$' + # Override this in your settings_local with the IP addresses relevant for you: INTERNAL_IPS = ( # local diff --git a/requirements.txt b/requirements.txt index bfe751956..47a1e9d24 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,6 +13,7 @@ defusedxml>=0.4.1 # for TastyPie when ussing xml; not a declared dependency Django>=1.11,<1.12 django-bcrypt>=0.9.2 # for the BCrypt password hasher option. Remove when all bcrypt upgraded to argon2 django-bootstrap3>=8.2.1,<9.0.0 +django-cors-headers>=2.4.0 django-formtools>=1.0 # instead of django.contrib.formtools in 1.8 django-markup>=1.1 django-password-strength>=1.2.1