Update core/settings.py

core/settings.py

@@ -15,17 +15,17 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.getenv('SECRET_KEY', 'django-insecure-yfg#m4w$m&#igix9$bx87f#*gxsd=(l#y_i@ig16-5ug^g3a-k')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-# En Hugging Face, si no pones la variable DEBUG=True en Settings, será False por defecto.
-DEBUG = os.getenv('DEBUG', 'False') == 'True'
-
-# --- CONFIGURACIÓN DE HOSTS (Crucial para evitar Bad Request) ---
-ALLOWED_HOSTS = [
-    'localhost', 
-    '127.0.0.1', 
-    '.hf.space',           # Para Hugging Face
-    '.onrender.com',       # Para Render (si lo usas)
-    'fintech-coop-ai.onrender.com'
-]
+# Forzamos DEBUG a True para que si hay un error, nos diga exactamente qué es en vez de Bad Request
+DEBUG = True
+
+# --- CONFIGURACIÓN DE HOSTS ---
+# El '*' es vital para que el proxy de Hugging Face no bloquee la petición
+ALLOWED_HOSTS = ['*']
+
+# --- CONFIGURACIÓN DE PROXY (Esto quita el Bad Request en Hugging Face) ---
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+USE_X_FORWARDED_PORT = True
 
 # Application definition
 INSTALLED_APPS = [
@@ -42,7 +42,7 @@ INSTALLED_APPS = [
 ]
 
 MIDDLEWARE = [
-    'corsheaders.middleware.CorsMiddleware', # Siempre primero
+    'corsheaders.middleware.CorsMiddleware', # Debe ser el primero
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -94,121 +94,25 @@ TIME_ZONE = 'UTC'
 USE_I18N = True
 USE_TZ = True
 
-# Static files (WhiteNoise)
+# Static files
 STATIC_URL = 'static/'
 STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
-STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
+# Simplificamos esto para evitar errores de directorio inexistente
+STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
-# --- CONFIGURACIÓN DE CORS (Para conectar con Vercel) ---
-CORS_ALLOW_ALL_ORIGINS = True # Permite conexiones desde cualquier origen (Vercel, Local, etc.)
+# --- CONFIGURACIÓN DE CORS ---
+CORS_ALLOW_ALL_ORIGINS = True 
+CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOW_HEADERS = ["*"]
 
-# --- CONFIGURACIÓN DE CSRF (Para formularios y POST) ---
+# --- CONFIGURACIÓN DE CSRF ---
 CSRF_TRUSTED_ORIGINS = [
     "https://fintech-coop-ai.vercel.app",
     "https://fintech-coop-or6mski9z-tomasgonzalezpy-4881s-projects.vercel.app",
     "https://*.hf.space"
 ]
-TEMPLATES = [
-    {
-        'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
-        'APP_DIRS': True,
-        'OPTIONS': {
-            'context_processors': [
-                'django.template.context_processors.request',
-                'django.contrib.auth.context_processors.auth',
-                'django.contrib.messages.context_processors.messages',
-            ],
-        },
-    },
-]
-
-WSGI_APPLICATION = 'core.wsgi.application'
-
-
-# Database
-# https://docs.djangoproject.com/en/5.2/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': BASE_DIR / 'db.sqlite3',
-    }
-}
-
-
-# Password validation
-# https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators
-
-AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
-]
-
-
-# Internationalization
-# https://docs.djangoproject.com/en/5.2/topics/i18n/
-
-LANGUAGE_CODE = 'en-us'
-
-TIME_ZONE = 'UTC'
-
-USE_I18N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/5.2/howto/static-files/
-
-STATIC_URL = 'static/'
-
-# Default primary key field type
-# https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
-
-DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
-
-
-CORS_ALLOWED_ORIGINS = [
-    "http://localhost:3000",
-    "https://fintech-coop-ai.vercel.app",
-    "https://fintech-coop-or6mski9z-tomasgonzalezpy-4881s-projects.vercel.app"
-]
-
-CORS_ALLOW_HEADERS = ["*"]
-CORS_ALLOWED_ORIGIN_REGEXES = [
-    r"^https://.*\.vercel\.app$",
-]
-
-ALLOWED_HOSTS = [
-    '*', 
-    '.hf.space', 
-    'tomacgonz-fintech-coop-api.hf.space', 
-    'localhost', 
-    '127.0.0.1'
-]
-
-STATIC_URL = 'static/'
-STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
-STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
-
-CSRF_TRUSTED_ORIGINS = [
-    "https://fintech-coop-ai.vercel.app",
-    "https://fintech-coop-or6mski9z-tomasgonzalezpy-4881s-projects.vercel.app"
-]
 
-DEBUG = os.getenv('DEBUG', 'False') == 'True'
-ALLOWED_HOSTS = ['localhost', '127.0.0.1', '.onrender.com', 'fintech-coop-ai.onrender.com']
+# Evitar que Django fuerce barras diagonales si el cliente no las envía
+APPEND_SLASH = True