`02e5e89`

add cors options handling

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 10 months ago

SHA: 02e5e89e4526c95e60ff115ad0ea2d3ebf42acbf
Parents: 487fdab
Tree: 31234b9

3 changed files

Status	File	+	-
M	`backend/api/urls.py`	3	0
M	`backend/api/views.py`	72	1
M	`backend/localtoast/settings.py`	31	5

backend/api/urls.pymodified

      # Health check
      path('health/', views.health_check, name='health_check'),
 +    # CORS test endpoint
 +    path('cors-test/', views.cors_test, name='cors_test'),
++
      # Restaurant endpoints
      path('restaurants/', views.RestaurantListCreateView.as_view(), name='restaurant_list_create'),
      path('restaurants/nearby/', views.NearbyRestaurantsView.as_view(), name='restaurants_nearby'),

backend/api/views.pymodified

 -from django.http import JsonResponse
 +from django.http import JsonResponse, HttpResponse
  from django.utils import timezone
  from django.conf import settings
  from django.db.models import Q
  class NearbyRestaurantsView(APIView):
      """Get restaurants near a location"""
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
++
      def get(self, request):
          lat = request.query_params.get('lat')
          lng = request.query_params.get('lng')
      queryset = Restaurant.objects.all()
      serializer_class = RestaurantSerializer
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
++
      def create(self, request, *args, **kwargs):
          # Check if restaurant already exists
          place_id = request.data.get('place_id')
      """Get detailed info about a restaurant"""
      queryset = Restaurant.objects.all()
      serializer_class = RestaurantDetailSerializer
++
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
  class RestaurantRatingView(APIView):
      """Add a rating to a restaurant or get all ratings"""
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
++
      def get(self, request, pk):
          try:
              restaurant = Restaurant.objects.get(pk=pk)
  class RestaurantToastStatusView(APIView):
      """Update restaurant's toast status"""
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'PATCH, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
++
      def patch(self, request, pk):
          try:
              restaurant = Restaurant.objects.get(pk=pk)
  class SearchPlacesView(APIView):
      """Search for places that might serve toast"""
 +    def options(self, request, *args, **kwargs):
 +        """Handle preflight requests"""
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
 +        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
 +        response['Access-Control-Max-Age'] = '3600'
 +        return response
++
      def get(self, request):
          lat = request.query_params.get('lat')
          lng = request.query_params.get('lng')
+         ]
 +@api_view(['GET', 'OPTIONS'])
 +def cors_test(request):
 +    """Test endpoint for CORS"""
 +    if request.method == 'OPTIONS':
 +        response = HttpResponse()
 +        response['Access-Control-Allow-Origin'] = '*'
 +        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
 +        response['Access-Control-Allow-Headers'] = '*'
 +        return response
++
 +    return Response({
 +        'status': 'CORS test successful',
 +        'origin': request.headers.get('Origin', 'No origin header'),
 +        'method': request.method
 +    })
++
++
  @api_view(['POST'])
  def seed_data(request):
      """Seed the database with sample restaurants"""

backend/localtoast/settings.pymodified

  MIDDLEWARE = [
      'django.middleware.security.SecurityMiddleware',
 -    'corsheaders.middleware.CorsMiddleware',
 +    'corsheaders.middleware.CorsMiddleware',  # Must be before CommonMiddleware
      'django.middleware.common.CommonMiddleware',
      'django.middleware.csrf.CsrfViewMiddleware',
      'django.contrib.sessions.middleware.SessionMiddleware',
      ],
+ }
 -# CORS settings
 +# CORS settings - Updated for better compatibility
  CORS_ALLOWED_ORIGINS = [
      "http://localhost:3000",
      "http://localhost:3001",
      "https://localtoast.fyi",
+ ]
 -# Allow CORS during development
 -if DEBUG:
 -    CORS_ALLOW_ALL_ORIGINS = True
 +# Add frontend URL from environment if provided
 +if os.getenv('FRONTEND_URL'):
 +    CORS_ALLOWED_ORIGINS.append(os.getenv('FRONTEND_URL'))
++
 +# Explicit CORS configuration
 +CORS_ALLOW_ALL_ORIGINS = False  # Never True in production
 +CORS_ALLOW_CREDENTIALS = True
 +CORS_PREFLIGHT_MAX_AGE = 86400
++
 +CORS_ALLOW_METHODS = [
 +    'DELETE',
 +    'GET',
 +    'OPTIONS',
 +    'PATCH',
 +    'POST',
 +    'PUT',
 +]
++
 +CORS_ALLOW_HEADERS = [
 +    'accept',
 +    'accept-encoding',
 +    'authorization',
 +    'content-type',
 +    'dnt',
 +    'origin',
 +    'user-agent',
 +    'x-csrftoken',
 +    'x-requested-with',
 +]
  # Media files
  MEDIA_URL = '/media/'