CORS headers

.env.template

@@ -19,6 +19,7 @@ POSTGRES_DB=
 DRF_SECRET_KEY=
 DRF_DEBUG=
 ALLOWED_HOSTS=
+CORS_ALLOWED_ORIGINS=
 CSRF_TRUSTED_ORIGINS=
 
 OIDC_RP_CLIENT_ID=

marbas/settings.py

@@ -31,6 +31,8 @@ ALLOWED_HOSTS = os.environ.get("ALLOWED_HOSTS", "").split(",")
 ALLOWED_HOSTS = [] if not any(ALLOWED_HOSTS) else ALLOWED_HOSTS
 CSRF_TRUSTED_ORIGINS = os.environ.get("CSRF_TRUSTED_ORIGINS", "").split(",")
 CSRF_TRUSTED_ORIGINS = [] if not any(CSRF_TRUSTED_ORIGINS) else CSRF_TRUSTED_ORIGINS
+CORS_ALLOWED_ORIGINS = os.environ.get("CORS_ALLOWED_ORIGINS", "").split(",")
+CORS_ALLOWED_ORIGINS = [] if not any(CORS_ALLOWED_ORIGINS) else CORS_ALLOWED_ORIGINS
 
 # Application definition
 
@@ -53,8 +55,9 @@ INSTALLED_APPS = [
     'authentication',
     'api',
     'sde',
-    'esi',
+    # 'esi',
     'django.contrib.admin',
+    'corsheaders',
     'django.contrib.auth',
     'mozilla_django_oidc',
     'django.contrib.contenttypes',
@@ -69,6 +72,7 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',

requirements.txt

@@ -11,3 +11,4 @@ inflection
 django-esi
 django-health-check
 mozilla-django-oidc
+django-cors-headers