From 4bd2562edf5a82c6d58a4c805bdbe4ff31483b6b Mon Sep 17 00:00:00 2001
From: Hugo Roussille <hugo.roussille@ens.fr>
Date: Wed, 13 Sep 2017 15:57:57 +0200
Subject: [PATCH 1/4] django-cors-headers for cross-domain AJAX

---
 cof/settings/common.py | 2 ++
 requirements.txt       | 1 +
 2 files changed, 3 insertions(+)

diff --git a/cof/settings/common.py b/cof/settings/common.py
index ba0b6044..fba32743 100644
--- a/cof/settings/common.py
+++ b/cof/settings/common.py
@@ -91,9 +91,11 @@ INSTALLED_APPS = [
     'modelcluster',
     'taggit',
     'kfet.cms',
+    'corsheaders',
 ]
 
 MIDDLEWARE_CLASSES = [
+    'corsheaders.middleware.CorsMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
diff --git a/requirements.txt b/requirements.txt
index f3964212..b28b939e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,6 +25,7 @@ channels==1.1.5
 python-dateutil
 wagtail==1.10.*
 wagtailmenus==2.2.*
+django-cors-headers==2.1.0
 
 # Production tools
 wheel

From a4eedbc1a60c902301ef48559a58caf804ad5624 Mon Sep 17 00:00:00 2001
From: Hugo Roussille <hugo.roussille@ens.fr>
Date: Wed, 13 Sep 2017 18:21:34 +0200
Subject: [PATCH 2/4] Whitelist bda and cof apps for cross-domain

---
 cof/settings/common.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cof/settings/common.py b/cof/settings/common.py
index fba32743..bac17653 100644
--- a/cof/settings/common.py
+++ b/cof/settings/common.py
@@ -197,6 +197,11 @@ AUTHENTICATION_BACKENDS = (
 
 RECAPTCHA_USE_SSL = True
 
+CORS_ORIGIN_REGEX_WHITELIST = (
+    'bda.ens.fr',
+    'cof.ens.fr',
+)
+
 # Cache settings
 
 CACHES = {

From 09cfcc476a910bc415f19f51c0636e5662146bee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Sun, 8 Apr 2018 22:32:59 +0200
Subject: [PATCH 3/4] Bump django-cors-headers

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 36370bdb..5ad482a5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -24,7 +24,7 @@ channels==1.1.5
 python-dateutil
 wagtail==1.10.*
 wagtailmenus==2.2.*
-django-cors-headers==2.1.0
+django-cors-headers==2.2.0
 
 # Production tools
 wheel

From a7cd1e04cd3f93d6d421762b114cfef3dceb4244 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20P=C3=A9pin?= <martin.pepin@ens.fr>
Date: Sun, 8 Apr 2018 22:33:19 +0200
Subject: [PATCH 4/4] prefer CORS_ORIGIN_WHITELIST to
 CORS_ORIGIN_REGEX_WHITELIST

---
 cof/settings/common.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/cof/settings/common.py b/cof/settings/common.py
index 00e03869..8ec003ad 100644
--- a/cof/settings/common.py
+++ b/cof/settings/common.py
@@ -210,9 +210,11 @@ AUTHENTICATION_BACKENDS = (
 
 RECAPTCHA_USE_SSL = True
 
-CORS_ORIGIN_REGEX_WHITELIST = (
+CORS_ORIGIN_WHITELIST = (
     'bda.ens.fr',
+    'www.bda.ens.fr'
     'cof.ens.fr',
+    'www.cof.ens.fr',
 )
 
 # Cache settings