From ae61dc1f251077ce3bbb0c35421ec24ffb544f3d Mon Sep 17 00:00:00 2001
From: nicomiguelino <nicomiguelino2014@gmail.com>
Date: Wed, 16 Jul 2025 07:59:32 -0700
Subject: [PATCH 1/2] chore: add CORS handling in Django

---
 anthias_django/settings.py    | 2 ++
 requirements/requirements.txt | 1 +
 2 files changed, 3 insertions(+)

diff --git a/anthias_django/settings.py b/anthias_django/settings.py
index 80d882ad4..cdc4df91b 100644
--- a/anthias_django/settings.py
+++ b/anthias_django/settings.py
@@ -68,11 +68,13 @@
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'dbbackup',
+    'corsheaders',
 ]
 
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 915222d54..b37d45e7e 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -6,6 +6,7 @@ configparser==4.0.2
 cryptography==3.3.2
 Cython==3.0.6
 Django==4.2.22
+django-cors-headers==4.7.0
 djangorestframework==3.15.2
 django-dbbackup==4.2.1
 drf-spectacular==0.27.2

From cabc1afededb807b9b27e3be80aea287127537d8 Mon Sep 17 00:00:00 2001
From: nicomiguelino <nicomiguelino2014@gmail.com>
Date: Wed, 16 Jul 2025 08:13:14 -0700
Subject: [PATCH 2/2] fix: configure `CORS_ALLOWED_ORIGINS` and
 `CORS_ALLOW_CREDENTIALS`

---
 anthias_django/settings.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/anthias_django/settings.py b/anthias_django/settings.py
index cdc4df91b..6aac82595 100644
--- a/anthias_django/settings.py
+++ b/anthias_django/settings.py
@@ -190,3 +190,9 @@
 DBBACKUP_STORAGE = 'django.core.files.storage.FileSystemStorage'
 DBBACKUP_STORAGE_OPTIONS = {'location': '/data/.screenly/backups'}
 DBBACKUP_HOSTNAME = 'anthias'
+
+
+CORS_ALLOWED_ORIGINS = [
+    'http://anthias',
+]
+CORS_ALLOW_CREDENTIALS = True