Disable CORS altogether.

This solves #4 better than dfc7c8b163
This commit is contained in:
Tom Hacohen 2018-06-28 16:37:21 +01:00
parent dfc7c8b163
commit de4f49973f
2 changed files with 6 additions and 0 deletions

View File

@ -40,6 +40,7 @@ INSTALLED_APPS = [
'django.contrib.sessions', 'django.contrib.sessions',
'django.contrib.messages', 'django.contrib.messages',
'django.contrib.staticfiles', 'django.contrib.staticfiles',
'corsheaders',
'rest_framework', 'rest_framework',
'rest_framework.authtoken', 'rest_framework.authtoken',
'journal.apps.JournalConfig', 'journal.apps.JournalConfig',
@ -48,6 +49,7 @@ INSTALLED_APPS = [
MIDDLEWARE = [ MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware', 'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
@ -130,3 +132,6 @@ STATIC_URL = '/static/'
JOURNAL_API_PERMISSIONS = ( JOURNAL_API_PERMISSIONS = (
'rest_framework.permissions.IsAuthenticated', 'rest_framework.permissions.IsAuthenticated',
) )
# Cors
CORS_ORIGIN_ALLOW_ALL = True

View File

@ -1,4 +1,5 @@
Django>=2.0.5,<2.0.999 Django>=2.0.5,<2.0.999
django-cors-headers==2.3.0
djangorestframework>=3.8.2,<3.8.999 djangorestframework>=3.8.2,<3.8.999
drf-nested-routers==0.90.2 drf-nested-routers==0.90.2
pytz pytz