Improve flask cors and update settings

Author: cslzchen

api/base/settings/defaults.py

@@ -217,6 +217,10 @@
 # Set dynamically on app init
 ORIGINS_WHITELIST = ()
 
+# CORS settings for flask app
+FLASK_CORS_ORIGIN_WHITELIST = CORS_ORIGIN_WHITELIST
+FLASK_CORS_ALLOW_CREDENTIALS = CORS_ALLOW_CREDENTIALS
+
 MIDDLEWARE = (
     'api.base.middleware.DjangoGlobalMiddleware',
     'api.base.middleware.CeleryTaskMiddleware',

api/base/settings/local-dist.py

@@ -7,6 +7,8 @@
 ENABLE_VARNISH = False
 ENABLE_ESI = False
 CORS_ORIGIN_ALLOW_ALL = True
+FLASK_CORS_ORIGIN_WHITELIST += (osf_settings.LOCAL_ANGULAR_DOMAIN.rstrip('/'),)
+FLASK_CORS_ALLOW_CREDENTIALS = True
 
 # Uncomment to get real tracebacks while testing
 # DEBUG_PROPAGATE_EXCEPTIONS = True

website/app.py

@@ -1,4 +1,4 @@
-from flask_cors import CORS
+from flask_cors import CORS as FLASK_CORS
 
 import framework
 import importlib
@@ -9,7 +9,7 @@
 
 import django
 
-from api.base.settings import CORS_ORIGIN_WHITELIST
+from api.base.settings import FLASK_CORS_ALLOW_CREDENTIALS, FLASK_CORS_ORIGIN_WHITELIST
 from api.caching import listeners  # noqa
 from django.apps import apps
 from framework.addons.utils import render_addon_capabilities
@@ -93,7 +93,9 @@ def init_app(settings_module='website.settings', set_backends=True, routes=True,
     if app.config.get('IS_INITIALIZED', False) is True:
         return app
 
-    CORS(app, supports_credentials=True, origins=CORS_ORIGIN_WHITELIST)
+    # Setup CORS for flask app
+    FLASK_CORS(app, supports_credentials=FLASK_CORS_ALLOW_CREDENTIALS, origins=FLASK_CORS_ORIGIN_WHITELIST)
+
     setup_django()
 
     # The settings module

website/settings/local-dist.py

@@ -19,6 +19,7 @@
 DOMAIN = PROTOCOL + 'localhost:5000/'
 INTERNAL_DOMAIN = DOMAIN
 API_DOMAIN = PROTOCOL + 'localhost:8000/'
+LOCAL_ANGULAR_DOMAIN = PROTOCOL + 'localhost:4200/'
 
 #WATERBUTLER_URL = 'http://localhost:7777'
 #WATERBUTLER_INTERNAL_URL = WATERBUTLER_URL