Merge pull request #732 from unfoldingWord-dev/robh_cors

RobH123 · web-flow · commit c5612f0a95c8 · 2020-03-17T12:42:55.000+13:00
Add CORS headers
diff --git a/requirements.txt b/requirements.txt
@@ -10,6 +10,7 @@ django-appconf==1.0.1
 django-bootstrap-form==3.2
 django-celery==3.1.17
 django-contrib-comments==1.7.1
+django-cors-headers==2.4.1
 django-model-utils==2.4
 django-multiupload==0.5
 django-redis-cache==1.6.5
diff --git a/runtime.txt b/runtime.txt
@@ -1 +1 @@
-python-2.7.15
+python-2.7.17
diff --git a/td/settings.py b/td/settings.py
@@ -81,6 +81,7 @@
 SECRET_KEY = os.environ.get("SECRET_KEY", "notasecret")
 
 MIDDLEWARE_CLASSES = [
+    "corsheaders.middleware.CorsMiddleware",
     "reversion.middleware.RevisionMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -149,6 +150,7 @@
     "rest_framework",
     "django_comments",
     "taggit",
+    "corsheaders",
 
     # project
     "td",
@@ -268,6 +270,14 @@
     }
 ]
 
+# Added RJH Mar2020 for django-cors-headers package
+# NOTE: We are using django-cors-headers 2.4.1 to be compatible with Django 1.9
+#           and it doesn't specify the URI scheme (https://) in the whitelist.
+CORS_ORIGIN_WHITELIST = [
+    "door43.org",
+    "dev.door43.org",
+]
+
 
 import sentry_sdk
 from sentry_sdk.integrations.celery import CeleryIntegration
