'Access-Control-Allow-Credentials' not included in Settings.py - Causing CORS error

fanout / django-eventstream

Server-Sent Events for Django

MIT License

650 stars 85 forks source link

'Access-Control-Allow-Credentials' not included in Settings.py - Causing CORS error #25

Closed RickyV33 closed 5 years ago

RickyV33 commented 5 years ago

Digging through your source code, it looks like there's a settings.py parameter for setting an allowed origin (EVENTSTREAM_ALLOW_ORIGIN). There doesn't seem to be an option for setting 'Access-Control-Allow-Credentials' to True, though. I can open up a PR for this if you'd like.

jkarneges commented 5 years ago

Sure, that would be great.

Ideally something like django-cors-headers could be made to work so that we don't need our own CORS code, but mixing such libraries with ASGI is tricky.

RickyV33 commented 5 years ago

Awesome. Would adding functionality similar to how you have EVENTSTREAM_ALLOW_ORIGIN operating now be okay in the interim?

jkarneges commented 5 years ago

Yep!