Full React Support

[swainn]

PR #824 adds experimental support for React-based Tethys apps. This issue documents what needs to be done to make it a fully supported feature:

• [ ] Add production configuration tutorial. Some settings that may need to be set include (based on recommendations from this tutorial):

# Cookie Settings
CSRF_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SAMESITE = 'Lax'

# Prevent JavaScript from accessing CSRF and session cookies
# NOTE: This will probably break scripts that use the cookie to get the CSRF token
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_HTTPONLY = True

# Production only
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SECURE = not DEBUG

# CORS Header Settings
CORS_ALLOWED_ORIGINS = [
    'http://localhost:8080',
    'http://127.0.0.1:8080',
]

CORS_EXPOSE_HEADERS = [
    'Content-Type',
    'X-CSRFToken',
]

CORS_ALLOW_CREDENTIALS = True

• [ ] Tutorial / Documentation
• [ ] Node dependency management - how do we keep this from getting out of date really fast?

[swainn]

See #970 as an alternative for React support in Tethys.