From 3a5fa3c72bced8b5de94c0fb6aebeed69ae0c99f Mon Sep 17 00:00:00 2001
From: Egor fureunoir Gorbunov <contact@fureunoir.com>
Date: Wed, 12 Nov 2025 13:08:37 +0300
Subject: [PATCH] Features: 1) Add 'origin' and 'referer' headers to the
 allowed headers list in settings.

Fixes:
1) Correct order of existing headers for better readability and maintainability.

Extra:
1) General cleanup in `evibes/settings/base.py`.
---
 evibes/settings/base.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/evibes/settings/base.py b/evibes/settings/base.py
index 30ea4dfc..6a4c4819 100644
--- a/evibes/settings/base.py
+++ b/evibes/settings/base.py
@@ -71,23 +71,23 @@ CORS_ALLOW_HEADERS = (
     "accept",
     "accept-encoding",
     "accept-language",
-    "content-type",
-    "connection",
-    "user-agent",
     "authorization",
-    "host",
-    "x-csrftoken",
-    "x-requested-with",
-    "x-evibes-vibes_auth",
     "baggage",
-    "sentry-trace",
+    "connection",
+    "content-type",
     "dnt",
+    "host",
+    "origin",
+    "referer",
     "sec-fetch-dest",
     "sec-fetch-mode",
     "sec-fetch-site",
     "sec-gpc",
-    "origin",
-    "referer",
+    "sentry-trace",
+    "user-agent",
+    "x-csrftoken",
+    "x-evibes-auth",
+    "x-requested-with",
 )
 
 USE_X_FORWARDED_HOST = True