From 3ca45ce1cb8800928b434d29fef8f173dc22789d Mon Sep 17 00:00:00 2001
From: mk2155 <mk2155@cam.ac.uk>
Date: Fri, 14 Feb 2025 09:57:07 +0000
Subject: [PATCH] fix: include cors app correctly

---
 activate_account_project/settings/base.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/activate_account_project/settings/base.py b/activate_account_project/settings/base.py
index f849310..5e1dd44 100644
--- a/activate_account_project/settings/base.py
+++ b/activate_account_project/settings/base.py
@@ -4,6 +4,7 @@ from datetime import timedelta
 
 import externalsettings
 import structlog
+from corsheaders.defaults import default_headers
 
 from api.versions import AVAILABLE_VERSIONS
 
@@ -72,6 +73,7 @@ INSTALLED_APPS = [
     "django_filters",
     "drf_spectacular",
     "rest_framework",
+    "corsheaders",
     "knox",
     "activate_account",
     "api",
@@ -230,6 +232,12 @@ SPECTACULAR_SETTINGS = {
 # Allow all origins to access API.
 CORS_URLS_REGEX = r"^.*$"
 CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_HEADERS = (
+    *default_headers,
+    "Sec-Ch-Ua",
+    "Sec-Ch-Ua-Mobile",
+    "Sec-Ch-Ua-Platform",
+)
 
 SWAGGER_SETTINGS = {
     # Describe token authentication in swagger definition
-- 
GitLab