Allow all CORS origins for IIIF endpoints
To build IIIF demos using external tools, we need to reference Arkindex IIIF manifests from any URL. This is currently impossible due to restrictive CORS headers (on allow origin); which is good overall except for this use case.
CORS headers are already configured by Arkindex using django-cors-headers, so we simply need to configure it in a way that still blocks requests everywhere, except for these urls:
/api/v1/iiif/<uuid:pk>/manifest/
/api/v1/iiif/<uuid:pk>/list/transcriptions/
It's apparently doable using signals.
Example code from signals doc from django-cors-headers:
from corsheaders.signals import check_request_enabled
def cors_allow_api_to_everyone(sender, request, **kwargs):
return request.path.startswith("/api/")
check_request_enabled.connect(cors_allow_api_to_everyone)