Skip to content

add cors#48

Open
finish06 wants to merge 1 commit into
masterfrom
finish06/cors
Open

add cors#48
finish06 wants to merge 1 commit into
masterfrom
finish06/cors

Conversation

@finish06
Copy link
Copy Markdown
Member

@finish06 finish06 commented Jan 22, 2021

Explanation

Adds CORS headers default allow all. Initially needed for building UI.

Rationale

UI request from testing partners were being blocked due to cross origin.

Tests

  1. What testing did you do?
    Rebuilt docker image with these changes. Confirmed with @jrlegrand UI is not acccessible.

@yevgenybulochnik
Copy link
Copy Markdown
Member

yevgenybulochnik commented Jan 24, 2021

Looks good to me for now to get this working with the UI repo. @finish06 how do you feel about using a LB and maybe docker to remove the necessity of CORS altogether, just serve everything same-site. Tho I guess if we want others to build UIs based off the api we would still need CORS.

Only other comment is per the django-cors-header doc the position of the middleware is confusing.

MIDDLEWARE = [
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

Does this mean it should always be above CommonMiddleware? I know there is some stuff in the middlewares array that is higher up, Django SessionMiddleware and SecurityMiddleware. I couldnt tell from the docs if they mean place Cors at the very top or just place it above commonmiddleware. Also not really sure if this matters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yevgenybulochnik yevgenybulochnik yevgenybulochnik approved these changes

@jrlegrand jrlegrand Awaiting requested review from jrlegrand

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@finish06 @yevgenybulochnik