new supervisor step2

config/settings.py

@@ -53,10 +53,14 @@ INSTALLED_APPS = [
     'leaflet',
     'leaflet_admin_list',
     'rog.apps.RogConfig',
+    'corsheaders',  # added
     'django_filters'
 ]
 
 MIDDLEWARE = [
+    'corsheaders.middleware.CorsMiddleware',  # できるだけ上部に
+    'django.middleware.common.CommonMiddleware',
+
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
@@ -68,6 +72,43 @@ MIDDLEWARE = [
 
 ROOT_URLCONF = 'config.urls'
 
+CORS_ALLOW_ALL_ORIGINS = True  # 開発環境のみ
+CORS_ALLOW_CREDENTIALS = True
+
+CORS_ALLOWED_METHODS = [
+    'GET',
+    'POST',
+    'PUT',
+    'PATCH',
+    'DELETE',
+    'OPTIONS'
+]
+CORS_ALLOWED_HEADERS = [
+    'accept',
+    'accept-encoding',
+    'authorization',
+    'content-type',
+    'dnt',
+    'origin',
+    'user-agent',
+    'x-csrftoken',
+    'x-requested-with',
+]
+
+# 本番環境では以下のように制限する
+CORS_ALLOWED_ORIGINS = [
+     "https://rogaining.sumasen.net",
+     "http://rogaining.sumasen.net",
+]
+
+# CSRFの設定
+CSRF_TRUSTED_ORIGINS = [
+    "http://rogaining.sumasen.net",
+    "https://rogaining.sumasen.net",
+]
+
+
+
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
@@ -231,11 +272,15 @@ LOGGING = {
         'level': 'DEBUG',
     },
     'loggers': {
-        #'django': {
-        #    'handlers': ['console'],
-        #    'level': 'INFO',
-        #    'propagate': False,
-        #},
+        'django': {
+            'handlers': ['console'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+        'django.request': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
         'rog': {
             #'handlers': ['file','console'],
             'handlers': ['console'],