feat: expose more CORS related configurations via environment variables

With the current django configurations exposed, it was not possible to
deploy and use caluma in a CORS scenario.  With this change more CORS
header configurations are exposed via environment variables. Furthermore
it enhances the django default values with some caluma required stuff
like the language header.

caluma/settings/django.py

@@ -130,6 +130,24 @@ def parse_admins(admins):  # pragma: no cover
 # Cors headers
 CORS_ORIGIN_ALLOW_ALL = env.bool("CORS_ORIGIN_ALLOW_ALL", default=False)
 CORS_ORIGIN_WHITELIST = env.list("CORS_ORIGIN_WHITELIST", default=[])
+CORS_ALLOW_CREDENTIALS = env.bool("CORS_ALLOW_CREDENTIALS", default=True)
+CORS_ALLOW_HEADERS = env.list(
+    "CORS_ALLOW_HEADERS",
+    default=[
+        "accept",
+        "accept-encoding",
+        "accept-language",  # Custom added default value since ember-caluma uses it
+        "authorization",
+        "content-type",
+        "dnt",
+        "origin",
+        "user-agent",
+        "language",  # Custom added default value since ember-caluma uses it
+        "x-csrftoken",
+        "x-requested-with",
+    ],
+)
+CORS_ALLOW_METHODS = env.list("CORS_ALLOW_METHODS", default=["OPTIONS", "GET", "POST"])
 
 
 # Logging