fix CSRF/CORS

apimanager/apimanager/settings.py

@@ -44,7 +44,6 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
-    #'corsheaders',
     'bootstrap',
     'bootstrap_datepicker_plus',
     'mathfilters',
@@ -87,7 +86,6 @@ MIDDLEWARE = [
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     # 'django.middleware.cache.FetchFromCacheMiddleware',
-    #'corsheaders.middleware.CorsMiddleware'
 ]
 
 #cache the view page, we set 60s = 1m,
@@ -284,7 +282,7 @@ SESSION_COOKIE_AGE = 300
 CSRF_COOKIE_HTTPONLY = True
 CSRF_COOKIE_SECURE = True
 
-#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'

requirements.txt

@@ -10,5 +10,4 @@ matplotlib
 django-bootstrap-datepicker-plus
 django-mathfilters
 django-bootstrap
-django-csp
-#django-cors-headers
+django-csp