Add CORS middleware for webapp development

Otherwise it won't work because the API server listens on 127.0.0.1,
not localhost.
The right fix is probably to set the nodejs server to start on
127.0.0.1, though.
Figure this out later.

Change-Id: I260e794e8ff842f6b854d313d6c243e431220fcd

ara/server/settings.py

@@ -28,6 +28,7 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'corsheaders',
     'rest_framework',
     'ara.api'
 ]
@@ -35,6 +36,7 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
@@ -44,6 +46,12 @@ MIDDLEWARE = [
 
 CORS_ORIGIN_ALLOW_ALL = True
 
+# Django built-in server and npm development server
+CORS_ORIGIN_WHITELIST = (
+    '127.0.0.1:8000',
+    'localhost:3000',
+)
+
 ROOT_URLCONF = 'ara.server.urls'
 APPEND_SLASH = False
 

requirements.txt

@@ -2,4 +2,5 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0
 
 Django>=2
 djangorestframework
+django-cors-headers
 envparse