Skip to content

Commit

Permalink
enable CORS in cfc_webapp
Browse files Browse the repository at this point in the history
This is necessary for e-mission/e-mission-phone#1169 to be able to make requests to the server from a browser
  • Loading branch information
JGreenlee committed Aug 28, 2024
1 parent dea6ff4 commit 154a9e0
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions emission/net/api/cfc_webapp.py
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,18 @@ def after_request():
msTimeNow, duration)
stats.store_server_api_time(request.params.user_uuid, "%s_%s_cputime" % (request.method, request.path),
msTimeNow, new_duration)

# add headers to allow CORS (Cross-Origin Resource Sharing)
# Note: this is only needed for requests made from browsers (i.e. JavaScript fetch)
# Requests made from native phone code do not have rules about CORS
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'

# generic route accepting OPTIONS method, needed for CORS preflight
@route('/<:re:.*>', method='OPTIONS')
def enable_cors_generic_route():
pass

# Auth helpers BEGIN
# This should only be used by createUserProfile since we may not have a UUID
Expand Down

0 comments on commit 154a9e0

Please sign in to comment.