From eff70b0f1e471ca2b0403ebfe3e5f377d34e35cd Mon Sep 17 00:00:00 2001
From: Helge Jung <hej@c3pb.de>
Date: Mon, 28 Dec 2020 22:59:24 +0100
Subject: [PATCH] force CORS middleware to be the first

This is a possible fix for #144.
---
 src/rc3platform/settings/default.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/rc3platform/settings/default.py b/src/rc3platform/settings/default.py
index 97c7587b3..4132f4426 100644
--- a/src/rc3platform/settings/default.py
+++ b/src/rc3platform/settings/default.py
@@ -71,11 +71,14 @@ if IS_BACKOFFICE:
 if IS_API or IS_BACKOFFICE:
     INSTALLED_APPS += ['corsheaders']  # noqa: F405
     # insert CORS middleware before Django's CommonMiddleware
-    MIDDLEWARE.insert(max(MIDDLEWARE.index('django.middleware.common.CommonMiddleware'), 0), 'corsheaders.middleware.CorsMiddleware')  # noqa: F405
+    MIDDLEWARE.insert(0, 'corsheaders.middleware.CorsMiddleware')  # noqa: F405
 
     # CORS spec
+    CORS_ALLOWED_ORIGINS = [
+        'https://visit.at.rc3.world',
+    ]
     CORS_ALLOWED_ORIGIN_REGEXES = [
-        r'^https://([\w\d-]+\.)*rc3.world$',
+        r'^https:\/\/([\w\d-]+\.)*rc3\.world$',
     ]
     CORS_URLS_REGEX = r'^/api/.*$'
 
-- 
GitLab