From 7de63d408135961b754c995b3aa778cdfb7e6a22 Mon Sep 17 00:00:00 2001
From: Dhanur Sharma <dhanurjsharma@gmail.com>
Date: Tue, 1 Apr 2025 13:01:24 -0500
Subject: [PATCH] Added CORS_ALLOW_HEADERS and rearranged middleware imports

---
 config/settings/base.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/config/settings/base.py b/config/settings/base.py
index 45097ab5..49fa4e79 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -90,6 +90,15 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#installed-apps
 INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
 
+CORS_ALLOW_HEADERS = [
+    "accept",
+    "authorization",
+    "content-type",
+    "user-agent",
+    "x-csrftoken",
+    "x-requested-with",
+]
+
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:3000",
     "http://sde-lrm.nasa-impact.net",
@@ -146,6 +155,7 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#middleware
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
+    "corsheaders.middleware.CorsMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -153,7 +163,6 @@
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    "corsheaders.middleware.CorsMiddleware",
     "allauth.account.middleware.AccountMiddleware",
 ]