diff --git a/contracts/urls.py b/contracts/urls.py
index ad007273f7ea797d39af2fb697e3936a2e3f95ed..b0fe3a61e6685e514cb5bfb8d5157b46ce5fc0e1 100644
--- a/contracts/urls.py
+++ b/contracts/urls.py
@@ -109,4 +109,10 @@ urlpatterns = [
dal.autocomplete.Select2QuerySetView.as_view(model=models.ContracteeSignature),
name="select2_djhacker_contractee_signature_autocomplete",
),
+
+ path(
+ "ares-info-proxy/<int:ico>",
+ views.get_ares_info,
+ name="get_ares_info",
+ )
]
diff --git a/contracts/views.py b/contracts/views.py
index d047b3bc45eeebb4653e2f964ec55308be27223b..9a95bed328ae04166f7d1241334630c9eb2f8711 100644
--- a/contracts/views.py
+++ b/contracts/views.py
@@ -1,6 +1,10 @@
+import requests
+
from django.conf import settings
from django.core.paginator import Paginator
+from django.http import HttpResponse
from django.shortcuts import render
+from django_http_exceptions import HTTPExceptions
from django_downloadview import ObjectDownloadView
from guardian.shortcuts import get_objects_for_user
@@ -368,3 +372,19 @@ def view_signees(request):
# END Submodel listing views
+
+
+# ARES CORS proxy
+def get_ares_info(request, ico: int):
+ if not request.user.is_staff:
+ raise HTTPExceptions.FORBIDDEN
+
+ ares_info = requests.get(
+ f"https://wwwinfo.mfcr.cz/cgi-bin/ares/darv_std.cgi?ico={ico}"
+ )
+
+ return HttpResponse(
+ content=ares_info.content,
+ status=ares_info.status_code,
+ content_type=ares_info.headers.get("Content-Type")
+ )
diff --git a/static_src/admin/signee_form.js b/static_src/admin/signee_form.js
index 4d0acaee61c9516ab923b33c9ab7d99f6ed8bfd1..f15a9c866f2401767c4bc4a1fdd07e97765a1349 100644
--- a/static_src/admin/signee_form.js
+++ b/static_src/admin/signee_form.js
@@ -88,7 +88,7 @@ $(window).ready(
const icoValue = $("#id_ico_number").val();
const rawAresXMLResponse = await fetch(
- `https://wwwinfo.mfcr.cz/cgi-bin/ares/darv_std.cgi?ico=${icoValue}`
+ `/ares-info-proxy/${icoValue}`
);
if (!rawAresXMLResponse.ok) {