adding CORS policy for the API

We add the corsheaders application in order to
enable the CORS policy for the read-only REST API.

This is needed to allow AJAX queries to the layerindex
application from a browser environment.

Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>

3 files changed, 10 insertions, 0 deletions

diff --git a/README b/README
index 6fee259aef..1903fbfa4d 100644
--- a/README
+++ b/README
@@ -26,6 +26,7 @@ In order to make use of this application you will need:
   * django-simple-captcha (0.4.1)
   * django-nvd3 (0.6.0)
   * djangorestframework (2.3.14)
+  * django-cors-headers (0.12)
 * On the machine that will run the backend update script (which does not
   have to be the same machine as the web server, however it does still
   have to have Django installed, have the same or similar configuration
diff --git a/requirements.txt b/requirements.txt
index 8ad447f342..b88ab2b084 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ South==0.8.4
 Unidecode==0.04.16
 argparse==1.2.1
 awesome-slugify==1.5
+django-cors-headers==0.12
 django-nvd3==0.7.4
 django-registration==0.8
 django-reversion==1.6.0
diff --git a/settings.py b/settings.py
index d53a9d36d3..b21a5b43d0 100644
--- a/settings.py
+++ b/settings.py
@@ -100,6 +100,7 @@ TEMPLATE_LOADERS = (
 )
 
 MIDDLEWARE_CLASSES = (
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -109,6 +110,12 @@ MIDDLEWARE_CLASSES = (
     'reversion.middleware.RevisionMiddleware',
 )
 
+# We allow CORS calls from everybody
+CORS_ORIGIN_ALLOW_ALL = True
+# for the API pages
+CORS_URLS_REGEX = r'.*/api/.*';
+
+
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
@@ -145,6 +152,7 @@ INSTALLED_APPS = (
     'captcha',
     'south',
     'rest_framework',
+    'corsheaders',
     'django_nvd3'
 )