adding CORS policy for the API

We add the corsheaders application in order to
enable the CORS policy for the read-only REST API.

This is needed to allow AJAX queries to the layerindex
application from a browser environment.

Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>

README

@@ -26,6 +26,7 @@ In order to make use of this application you will need:
   * django-simple-captcha (0.4.1)
   * django-nvd3 (0.6.0)
   * djangorestframework (2.3.14)
+  * django-cors-headers (0.12)
 * On the machine that will run the backend update script (which does not
   have to be the same machine as the web server, however it does still
   have to have Django installed, have the same or similar configuration

requirements.txt

@@ -6,6 +6,7 @@ South==0.8.4
 Unidecode==0.04.16
 argparse==1.2.1
 awesome-slugify==1.5
+django-cors-headers==0.12
 django-nvd3==0.7.4
 django-registration==0.8
 django-reversion==1.6.0

settings.py

@@ -100,6 +100,7 @@ TEMPLATE_LOADERS = (
 )
 
 MIDDLEWARE_CLASSES = (
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
@@ -109,6 +110,12 @@ MIDDLEWARE_CLASSES = (
     'reversion.middleware.RevisionMiddleware',
 )
 
+# We allow CORS calls from everybody
+CORS_ORIGIN_ALLOW_ALL = True
+# for the API pages
+CORS_URLS_REGEX = r'.*/api/.*';
+
+
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
@@ -145,6 +152,7 @@ INSTALLED_APPS = (
     'captcha',
     'south',
     'rest_framework',
+    'corsheaders',
     'django_nvd3'
 )