Mentions légales du service

Skip to content

Fix the API CORS header

BAIRE Anthony requested to merge cors-fix into django

This ensures that:

  • CORS headers are handled for all /api/* locations
  • the same CORS headers are sent for all /api/* locations (implemented in /api/cors)
  • OPTIONS requests do not require authentication
  • the ACAO header is always sent (even in 4xx responses)

Other changes:

  • allow HEAD requests
  • remove Content-Type from the allowed headers list (not needed)
  • reduce the max age to one day (more than enough)
Edited by BAIRE Anthony

Merge request reports