Add CORS middleware for webapp development

Otherwise it won't work because the API server listens on 127.0.0.1, not localhost. The right fix is probably to set the nodejs server to start on 127.0.0.1, though. Figure this out later. Change-Id: I260e794e8ff842f6b854d313d6c243e431220fcd
2018-09-03 19:13:02 -04:00 · 2018-09-03 19:13:02 -04:00 · 6a1dd890f0
commit 6a1dd890f0
parent 5772648b1a
2 changed files with 9 additions and 0 deletions
--- a/ara/server/settings.py
+++ b/ara/server/settings.py
@ -28,6 +28,7 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
+    'corsheaders',
    'rest_framework',
    'ara.api'
 ]
@ -35,6 +36,7 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
@ -44,6 +46,12 @@ MIDDLEWARE = [

 CORS_ORIGIN_ALLOW_ALL = True

+# Django built-in server and npm development server
+CORS_ORIGIN_WHITELIST = (
+    '127.0.0.1:8000',
+    'localhost:3000',
+)
+
 ROOT_URLCONF = 'ara.server.urls'
 APPEND_SLASH = False

--- a/requirements.txt
+++ b/requirements.txt
@ -2,4 +2,5 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0

 Django>=2
 djangorestframework
+django-cors-headers
 envparse