`02e5e89`

add cors options handling

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 10 months ago

SHA: 02e5e89e4526c95e60ff115ad0ea2d3ebf42acbf
Parents: 487fdab
Tree: 31234b9

3 changed files

Status	File	+	-
M	`backend/api/urls.py`	3	0
M	`backend/api/views.py`	72	1
M	`backend/localtoast/settings.py`	31	5

backend/api/urls.pymodified

      # Health check
      path('health/', views.health_check, name='health_check'),
++    # CORS test endpoint
++    path('cors-test/', views.cors_test, name='cors_test'),
++
      # Restaurant endpoints
      path('restaurants/', views.RestaurantListCreateView.as_view(), name='restaurant_list_create'),
      path('restaurants/nearby/', views.NearbyRestaurantsView.as_view(), name='restaurants_nearby'),

backend/api/views.pymodified

--from django.http import JsonResponse
++from django.http import JsonResponse, HttpResponse
  from django.utils import timezone
  from django.conf import settings
  from django.db.models import Q
  class NearbyRestaurantsView(APIView):
      """Get restaurants near a location"""
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
++
      def get(self, request):
          lat = request.query_params.get('lat')
          lng = request.query_params.get('lng')
      queryset = Restaurant.objects.all()
      serializer_class = RestaurantSerializer
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
++
      def create(self, request, *args, **kwargs):
          # Check if restaurant already exists
          place_id = request.data.get('place_id')
      """Get detailed info about a restaurant"""
      queryset = Restaurant.objects.all()
      serializer_class = RestaurantDetailSerializer
++
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
  class RestaurantRatingView(APIView):
      """Add a rating to a restaurant or get all ratings"""
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
++
      def get(self, request, pk):
          try:
              restaurant = Restaurant.objects.get(pk=pk)
  class RestaurantToastStatusView(APIView):
      """Update restaurant's toast status"""
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'PATCH, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
++
      def patch(self, request, pk):
          try:
              restaurant = Restaurant.objects.get(pk=pk)
  class SearchPlacesView(APIView):
      """Search for places that might serve toast"""
++    def options(self, request, *args, **kwargs):
++        """Handle preflight requests"""
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
++        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
++        response['Access-Control-Allow-Headers'] = 'Content-Type, Accept, X-Requested-With'
++        response['Access-Control-Max-Age'] = '3600'
++        return response
++
      def get(self, request):
          lat = request.query_params.get('lat')
          lng = request.query_params.get('lng')
+         ]
++@api_view(['GET', 'OPTIONS'])
++def cors_test(request):
++    """Test endpoint for CORS"""
++    if request.method == 'OPTIONS':
++        response = HttpResponse()
++        response['Access-Control-Allow-Origin'] = '*'
++        response['Access-Control-Allow-Methods'] = 'GET, OPTIONS'
++        response['Access-Control-Allow-Headers'] = '*'
++        return response
++
++    return Response({
++        'status': 'CORS test successful',
++        'origin': request.headers.get('Origin', 'No origin header'),
++        'method': request.method
++    })
++
++
  @api_view(['POST'])
  def seed_data(request):
      """Seed the database with sample restaurants"""

backend/localtoast/settings.pymodified

  MIDDLEWARE = [
      'django.middleware.security.SecurityMiddleware',
--    'corsheaders.middleware.CorsMiddleware',
++    'corsheaders.middleware.CorsMiddleware',  # Must be before CommonMiddleware
      'django.middleware.common.CommonMiddleware',
      'django.middleware.csrf.CsrfViewMiddleware',
      'django.contrib.sessions.middleware.SessionMiddleware',
      ],
+ }
--# CORS settings
++# CORS settings - Updated for better compatibility
  CORS_ALLOWED_ORIGINS = [
      "http://localhost:3000",
      "http://localhost:3001",
      "https://localtoast.fyi",
+ ]
--# Allow CORS during development
++# Add frontend URL from environment if provided
--if DEBUG:
++if os.getenv('FRONTEND_URL'):
--    CORS_ALLOW_ALL_ORIGINS = True
++    CORS_ALLOWED_ORIGINS.append(os.getenv('FRONTEND_URL'))
++
++# Explicit CORS configuration
++CORS_ALLOW_ALL_ORIGINS = False  # Never True in production
++CORS_ALLOW_CREDENTIALS = True
++CORS_PREFLIGHT_MAX_AGE = 86400
++
++CORS_ALLOW_METHODS = [
++    'DELETE',
++    'GET',
++    'OPTIONS',
++    'PATCH',
++    'POST',
++    'PUT',
++]
++
++CORS_ALLOW_HEADERS = [
++    'accept',
++    'accept-encoding',
++    'authorization',
++    'content-type',
++    'dnt',
++    'origin',
++    'user-agent',
++    'x-csrftoken',
++    'x-requested-with',
++]
  # Media files
  MEDIA_URL = '/media/'