Fix the API CORS header (!216) · Merge requests · allgo / allgo · GitLab

Mentions légales du service

BAIRE Anthony requested to merge cors-fix into django Apr 07, 2022

This ensures that:

CORS headers are handled for all /api/* locations
the same CORS headers are sent for all /api/* locations (implemented in /api/cors)
OPTIONS requests do not require authentication
the ACAO header is always sent (even in 4xx responses)

Other changes:

allow HEAD requests
remove Content-Type from the allowed headers list (not needed)
reduce the max age to one day (more than enough)

Edited Apr 11, 2022 by BAIRE Anthony