From a1fe695b23adebba2514d5fa193759fe5d9524ec Mon Sep 17 00:00:00 2001
From: karmaking
Date: Fri, 10 Jan 2025 21:47:58 +0100
Subject: [PATCH] CSRF/CORS WIP

---
 apimanager/apimanager/settings.py | 6 +++---
 requirements.txt | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apimanager/apimanager/settings.py b/apimanager/apimanager/settings.py
index 2f48b8c..1e519aa 100644
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@@ -44,7 +44,7 @@ INSTALLED_APPS = [
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
- 'corsheaders',
+ #'corsheaders',
 'bootstrap',
 'bootstrap_datepicker_plus',
 'mathfilters',
@@ -87,7 +87,7 @@ MIDDLEWARE = [
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 # 'django.middleware.cache.FetchFromCacheMiddleware',
- 'corsheaders.middleware.CorsMiddleware'
+ #'corsheaders.middleware.CorsMiddleware'
 ]
 #cache the view page, we set 60s = 1m,
@@ -284,7 +284,7 @@ SESSION_COOKIE_AGE = 300
 CSRF_COOKIE_HTTPONLY = True
 CSRF_COOKIE_SECURE = True
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 # Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'
diff --git a/requirements.txt b/requirements.txt
index ab2f10a..361c3c6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,4 +11,4 @@ django-bootstrap-datepicker-plus
 django-mathfilters
 django-bootstrap
 django-csp
-django-cors-headers
\ No newline at end of file
+#django-cors-headers
\ No newline at end of file
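Review bot: The `corsheaders` app is disabled by commenting its line out in INSTALLED_APPS, and the same is done for `corsheaders.middleware.CorsMiddleware` in the MIDDLEWARE hunk and for `django-cors-headers` in requirements.txt, so the dependency is left half-removed in three places. If CORS support is really being dropped, delete the three lines. With the middleware gone, any `CORS_*` settings elsewhere in settings.py (not visible in this patch) are silently ignored and should be removed in the same change. If it is meant to come back, note that the commented middleware line sits last in MIDDLEWARE, whereas django-cors-headers documents that CorsMiddleware should be placed as high as possible, above `CommonMiddleware`. Both lists continue outside the hunks.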
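Review bot: Commenting out `SECURE_PROXY_SSL_HEADER` changes how Django decides whether a request is HTTPS, while `CSRF_COOKIE_SECURE = True` just above still assumes it is. If the application is deployed behind a proxy that terminates TLS (not visible from this patch), `request.is_secure()` will now be false: the CSRF middleware skips its strict Referer check when no Origin header is present, Origin checks compare against an `http://` origin, and absolute URLs such as OAuth callbacks are built with `http`. If instead the app is reached directly, dropping the setting is the safer choice, because a client could otherwise send `X-Forwarded-Proto` itself. Make the choice explicit per deployment rather than leaving a commented line, with a comment such as `# Set only when a trusted proxy terminates TLS and overwrites X-Forwarded-Proto`.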