From 1524cccabc35dff35551b863ef83d8c100503839 Mon Sep 17 00:00:00 2001
From: Seyed Alireza Hashemi <amoo.hashem.mehraban@gmail.com>
Date: Sun, 1 Sep 2024 02:25:12 +0330
Subject: [PATCH] fix: add Website to allowed cors headers

---
 manage_content_service/settings/base.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/manage_content_service/settings/base.py b/manage_content_service/settings/base.py
index 2fc423ff..7e726ec9 100644
--- a/manage_content_service/settings/base.py
+++ b/manage_content_service/settings/base.py
@@ -11,8 +11,6 @@ def get_environment_var(var_name, default, prefixed=True):
     return os.getenv(var_name, default)
 
 
-CORS_ORIGIN_ALLOW_ALL = True
-
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(
     os.path.dirname(os.path.abspath(__file__))))
@@ -233,3 +231,22 @@ def GET_PAYMENT_CALLBACK_URL(domain, status):
 
 ASSESS_ANSWER_SERVICE_URL = get_environment_var(
     'ASSESS_ANSWER_SERVICE_URL', 'https://aas.sepid.org/')
+
+
+########## CORS ##########
+
+CORS_ORIGIN_ALLOW_ALL = True
+
+CORS_ALLOW_ALL_ORIGINS = True  # Or specify allowed origins
+CORS_ALLOW_HEADERS = [
+    'accept',
+    'accept-encoding',
+    'authorization',
+    'content-type',
+    'dnt',
+    'origin',
+    'user-agent',
+    'x-csrftoken',
+    'x-requested-with',
+    'Website',  # Add your custom header here
+]