Added csrf token getting django api endpoint and include i18n endpoin…

…t in CORS allow

amelie/api/authentication.py

@@ -6,6 +6,11 @@
 from amelie.api.decorators import authentication_optional, authentication_required
 from amelie.api.exceptions import NotLoggedInError
 
+from django.http import JsonResponse
+from django.views.decorators.csrf import ensure_csrf_cookie
+from django.middleware.csrf import get_token
+from django.views.decorators.http import require_GET
+
 from modernrpc.core import rpc_method, REQUEST_KEY
 
 
@@ -129,3 +134,9 @@ def get_authenticated_apps(**kwargs) -> Union[List[Dict], None]:
     else:
         return None
 
+@require_GET
+@ensure_csrf_cookie  # Ensures the CSRF cookie is set
+def get_csrf_token(request):
+    response = JsonResponse({"message": "CSRF cookie set"})
+    response["X-CSRFToken"] = get_token(request)  # Send CSRF token in headers
+    return response

amelie/api/urls.py

@@ -4,6 +4,7 @@
 from modernrpc.views import RPCEntryPoint
 
 from amelie.companies.views import vivatbanner_get
+from amelie.api.authentication import get_csrf_token
 
 app_name = 'api'
 
@@ -12,4 +13,5 @@
     path('', RPCEntryPoint.as_view(protocol=Protocol.JSON_RPC), name="jsonrpc_mountpoint"),
     path('docs/', RPCEntryPoint.as_view(enable_doc=True, enable_rpc=False, template_name="api/doc_index.html")),
     path('vivat_banners/', vivatbanner_get, name='vivatbanner_get'),
+	path('csrf-token/', get_csrf_token, name='get_csrf_token'),
 ]

amelie/settings/generic.py

@@ -379,7 +379,7 @@
 
 # Allow Cross Origin requests, but only on the API.
 CORS_ORIGIN_ALLOW_ALL = True
-CORS_URLS_REGEX = r'^/api/.*$'
+CORS_URLS_REGEX = r'^(/api/.*|/i18n/setlang/)$'
 
 # Increase the maximum file upload count to 1000, to allow large batches of pictures to be uploaded
 DATA_UPLOAD_MAX_NUMBER_FILES = 1000