From 3ca45ce1cb8800928b434d29fef8f173dc22789d Mon Sep 17 00:00:00 2001
From: mk2155 <mk2155@cam.ac.uk>
Date: Fri, 14 Feb 2025 09:57:07 +0000
Subject: [PATCH 1/2] fix: include cors app correctly

---
 activate_account_project/settings/base.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/activate_account_project/settings/base.py b/activate_account_project/settings/base.py
index f849310..5e1dd44 100644
--- a/activate_account_project/settings/base.py
+++ b/activate_account_project/settings/base.py
@@ -4,6 +4,7 @@ from datetime import timedelta
 
 import externalsettings
 import structlog
+from corsheaders.defaults import default_headers
 
 from api.versions import AVAILABLE_VERSIONS
 
@@ -72,6 +73,7 @@ INSTALLED_APPS = [
     "django_filters",
     "drf_spectacular",
     "rest_framework",
+    "corsheaders",
     "knox",
     "activate_account",
     "api",
@@ -230,6 +232,12 @@ SPECTACULAR_SETTINGS = {
 # Allow all origins to access API.
 CORS_URLS_REGEX = r"^.*$"
 CORS_ORIGIN_ALLOW_ALL = True
+CORS_ALLOW_HEADERS = (
+    *default_headers,
+    "Sec-Ch-Ua",
+    "Sec-Ch-Ua-Mobile",
+    "Sec-Ch-Ua-Platform",
+)
 
 SWAGGER_SETTINGS = {
     # Describe token authentication in swagger definition
-- 
GitLab


From c5e477451ba998c9c4c8f37a80e92a317b9be54d Mon Sep 17 00:00:00 2001
From: mk2155 <mk2155@cam.ac.uk>
Date: Mon, 17 Feb 2025 12:04:29 +0000
Subject: [PATCH 2/2] feat: add allowed recaptcha header

---
 activate_account_project/settings/base.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/activate_account_project/settings/base.py b/activate_account_project/settings/base.py
index 5e1dd44..b5d6996 100644
--- a/activate_account_project/settings/base.py
+++ b/activate_account_project/settings/base.py
@@ -232,12 +232,7 @@ SPECTACULAR_SETTINGS = {
 # Allow all origins to access API.
 CORS_URLS_REGEX = r"^.*$"
 CORS_ORIGIN_ALLOW_ALL = True
-CORS_ALLOW_HEADERS = (
-    *default_headers,
-    "Sec-Ch-Ua",
-    "Sec-Ch-Ua-Mobile",
-    "Sec-Ch-Ua-Platform",
-)
+CORS_ALLOW_HEADERS = (*default_headers, "X-Recaptcha-Token")
 
 SWAGGER_SETTINGS = {
     # Describe token authentication in swagger definition
-- 
GitLab