Re-add accidentally removed CORS middleware

[dhruvkb]

Fixes

This PR re-adds the accidentally removed CORS middleware. The absence of this middleware prevents cross-origin requests which consequently prevents using the local API as the server for the frontend.

This was reported by @AetherUnbound.

Description

This PR

• adds corsheaders.middleware.CorsMiddleware to MIDDLEWARE
• prevents duplication of INSTALLED_APPS and middleware when inheriting between settings files

Testing Instructions

0. Check out this PR and run the dev server: just api/up

1. Check that the CORS headers are applied.

   $ curl -v -H "Origin: http://localhost:50280/" "http://localhost:50280/"
   

Checklist

• My pull request has a descriptive title (not a vague title likeUpdate index.md).
• My pull request targets the default branch of the repository (main) or a parent feature branch.
• My commit messages follow best practices.
• My code follows the established code style of the repository.
• I added or updated tests for the changes I made (if applicable).
• I added or updated documentation (if applicable).
• I tried running the project locally and verified that there are no visible errors.
• I ran the DAG documentation generator (if applicable).

Developer Certificate of Origin

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

[krysal]

@dhruvkb Could you explain the motivation of these changes since there is no issue linked?

[dhruvkb]

@krysal good point, sorry about that. I updated the description with the problem this PR is aiming to fix.

[krysal]

Nice! Thank you. LGTM!

[AetherUnbound]

This works great! I was able to test this using both curl -L -v -H "Origin: http://localhost:8443/" "http://localhost:50280/" and running the API and frontend with env API_URL="http://0.0.0.0:50280" just frontend/run dev. I have a few comments but nothing blocking 😄

[AetherUnbound]

Based on the comment, did we actually want to remove this?

[dhruvkb]

I didn't try to understand or change this bit. It was added by @zackkrida in #945.

[zackkrida]

Yeah this enables the middleware which lets us log all DB queries, so we should keep it!

[AetherUnbound]

Would it make sense to make INSTALLED_APPS and MIDDLEWARE sets so we could just call .add, or is order important?

[dhruvkb]

The order is important. For example, the CORS middleware specifies that it should be set as early in the list as possible, hence https://github.com/WordPress/openverse/pull/2075/files#diff-1e4c90df768f3514290795d5e58d3b561644bd37e4dfdb9938b60083dd062d30R45