fix: add Website to allowed cors headers

sepid-org · Aug 31, 2024 · 1524ccc · 1524ccc
1 parent 52daf89
commit 1524ccc
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/manage_content_service/settings/base.py b/manage_content_service/settings/base.py
@@ -11,8 +11,6 @@ def get_environment_var(var_name, default, prefixed=True):
     return os.getenv(var_name, default)
 
 
-CORS_ORIGIN_ALLOW_ALL = True
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(
     os.path.dirname(os.path.abspath(__file__))))
@@ -233,3 +231,22 @@ def GET_PAYMENT_CALLBACK_URL(domain, status):
 
 ASSESS_ANSWER_SERVICE_URL = get_environment_var(
     'ASSESS_ANSWER_SERVICE_URL', 'https://aas.sepid.org/')
+
+
+########## CORS ##########
+
+CORS_ORIGIN_ALLOW_ALL = True
+
+CORS_ALLOW_ALL_ORIGINS = True  # Or specify allowed origins
+CORS_ALLOW_HEADERS = [
+    'accept',
+    'accept-encoding',
+    'authorization',
+    'content-type',
+    'dnt',
+    'origin',
+    'user-agent',
+    'x-csrftoken',
+    'x-requested-with',
+    'Website',  # Add your custom header here
+]