Commit 73595284 authored by Konrad Mohrfeldt's avatar Konrad Mohrfeldt

add CORS headers to responses for API consumers

Add corsheaders app so that responses delivered for /api routes contain
proper CORS headers required by clients running in browsers constrained
by same-origin policies.

Note: /media/ routes are configured in the default configuration because
the development web server should imitate the behaviour of a production
web server. However, CORS headers will not be present on a production
server unless configured separately, because the /media/ path is
handled by the static file serving mechanism of common web servers.
parent ce1d5c1c
......@@ -22,6 +22,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
INSTALLED_APPS = [
'audiothek',
'core',
'corsheaders',
'program',
'rest_framework',
'django_filters',
......@@ -53,6 +54,7 @@ except ImportError:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
......@@ -161,6 +163,13 @@ LOHROTHEK_RECORDING_API_URL = 'http://localhost:8001/snippets/'
LOHROTHEK_FFMPEG = '/usr/bin/ffmpeg'
CORS_ORIGIN_ALLOW_ALL = True
# Add CORS headers for all routes starting with either /api/ or /media/.
# Note that the /media/ path is only handled in dev-mode as static resources are delivered
# by a proper web server in production and must be configured separately.
CORS_URLS_REGEX = r'^/(api|media)/.*$'
CORS_ALLOW_METHODS = ('GET', 'HEAD', 'OPTIONS')
try:
from lohrothek.local_settings import * # noqa: 401
......
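Review bot: `CORS_ORIGIN_ALLOW_ALL = True` is set in the shared default settings in the third hunk, so every deployment inherits a wildcard origin policy for /api/ unless `local_settings` overrides it, and the accompanying comment explains only the URL regex, not why any origin is acceptable. If the API is meant to be public and read-only (inferred from the commit message, not visible here), say so next to the setting, e.g. `# Any origin may read /api/: the API is public and unauthenticated. Do not enable CORS_ALLOW_CREDENTIALS while this is True.` Otherwise production should use an explicit allow-list via `CORS_ORIGIN_WHITELIST`. Note also that `CORS_ALLOW_METHODS` only controls what is advertised in preflight responses and is not an access control on the views, so the restriction to `GET`/`HEAD`/`OPTIONS` should not be relied on to block writes. In the second hunk, `CorsMiddleware` sits below `SecurityMiddleware`, so any redirect that middleware generates would go out without CORS headers; moving it to the top of `MIDDLEWARE` avoids that.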