Add CORS and CSRF configuration for frontend-backend connection

.env.production

@@ -10,6 +10,9 @@ ALLOWED_HOSTS=localhost,127.0.0.1,.hf.space
 # CORS - Autoriser le frontend Hugging Face
 CORS_ALLOWED_ORIGINS=https://rinogeek-edulabfrontend.hf.space
 
+# CSRF - Autoriser les origines de confiance
+CSRF_TRUSTED_ORIGINS=https://rinogeek-edulabfrontend.hf.space,https://rinogeek-edulabbackend.hf.space
+
 # Database - SQLite par défaut (pas de DB_HOST = utilise SQLite)
 # Pour PostgreSQL, décommentez et configurez :
 # DB_NAME=educonnect_db

educonnect/settings.py

@@ -185,6 +185,14 @@ CORS_ALLOWED_ORIGINS = config(
     default='http://localhost:3000,http://localhost:5173,http://localhost:3001,https://rinogeek-edulabfrontend.hf.space'
 ).split(',')
 CORS_ALLOW_CREDENTIALS = True
+CORS_ALLOW_METHODS = [
+    'DELETE',
+    'GET',
+    'OPTIONS',
+    'PATCH',
+    'POST',
+    'PUT',
+]
 CORS_ALLOW_HEADERS = [
     'accept',
     'accept-encoding',
@@ -196,6 +204,14 @@ CORS_ALLOW_HEADERS = [
     'x-csrftoken',
     'x-requested-with',
 ]
+# Allow preflight requests to be cached
+CORS_PREFLIGHT_MAX_AGE = 86400
+
+# CSRF Configuration - Trust frontend origins
+CSRF_TRUSTED_ORIGINS = config(
+    'CSRF_TRUSTED_ORIGINS',
+    default='http://localhost:3000,http://localhost:5173,https://rinogeek-edulabfrontend.hf.space,https://rinogeek-edulabbackend.hf.space'
+).split(',')
 
 # Channels Configuration (WebSockets)
 CHANNEL_LAYERS = {