diff options
author | Alexandru DAMIAN <alexandru.damian@intel.com> | 2014-07-16 15:53:29 +0100 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-09-24 11:32:34 +0100 |
commit | 1d84f282de80f345b06022dc743aed21c4d00372 (patch) | |
tree | a4e8977664d5ee71c126e06ab9e4fe44cc8a8da4 | |
parent | 1c9d6be527e334046ea4d8f6ae3617c6e9d166c2 (diff) | |
download | openembedded-core-contrib-1d84f282de80f345b06022dc743aed21c4d00372.tar.gz |
adding CORS policy for the API
We add the corsheaders application in order to
enable the CORS policy for the read-only REST API.
This is needed to allow AJAX queries to the layerindex
application from a browser environment.
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | requirements.txt | 1 | ||||
-rw-r--r-- | settings.py | 8 |
3 files changed, 10 insertions, 0 deletions
@@ -26,6 +26,7 @@ In order to make use of this application you will need: * django-simple-captcha (0.4.1) * django-nvd3 (0.6.0) * djangorestframework (2.3.14) + * django-cors-headers (0.12) * On the machine that will run the backend update script (which does not have to be the same machine as the web server, however it does still have to have Django installed, have the same or similar configuration diff --git a/requirements.txt b/requirements.txt index 8ad447f342..b88ab2b084 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,6 +6,7 @@ South==0.8.4 Unidecode==0.04.16 argparse==1.2.1 awesome-slugify==1.5 +django-cors-headers==0.12 django-nvd3==0.7.4 django-registration==0.8 django-reversion==1.6.0 diff --git a/settings.py b/settings.py index d53a9d36d3..b21a5b43d0 100644 --- a/settings.py +++ b/settings.py @@ -100,6 +100,7 @@ TEMPLATE_LOADERS = ( ) MIDDLEWARE_CLASSES = ( + 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', @@ -109,6 +110,12 @@ MIDDLEWARE_CLASSES = ( 'reversion.middleware.RevisionMiddleware', ) +# We allow CORS calls from everybody +CORS_ORIGIN_ALLOW_ALL = True +# for the API pages +CORS_URLS_REGEX = r'.*/api/.*'; + + # Clickjacking protection X_FRAME_OPTIONS = 'DENY' @@ -145,6 +152,7 @@ INSTALLED_APPS = ( 'captcha', 'south', 'rest_framework', + 'corsheaders', 'django_nvd3' ) |