From ecf3a01dcb004a2a1b2f703f735a7c61f07a9295 Mon Sep 17 00:00:00 2001 From: Sander Ferdinand Date: Thu, 25 Oct 2018 20:47:31 +0200 Subject: [PATCH] Add CORS for the API endpoints --- funding/bin/utils_request.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/funding/bin/utils_request.py b/funding/bin/utils_request.py index d7e968a..26f1dab 100644 --- a/funding/bin/utils_request.py +++ b/funding/bin/utils_request.py @@ -1,10 +1,11 @@ from datetime import datetime -from flask import session, g +from flask import session, g, request import settings from funding.bin.utils import Summary from funding.factory import app, db_session from funding.orm.orm import Proposal, User, Comment + @app.context_processor def templating(): from flask.ext.login import current_user @@ -19,15 +20,21 @@ def templating(): recent_comments=recent_comments, newest_users=newest_users) + @app.before_request def before_request(): pass + @app.after_request def after_request(res): if hasattr(g, 'funding_prices'): delattr(g, 'funding_prices') res.headers.add('Accept-Ranges', 'bytes') + + if request.full_path.startswith('/api/'): + res.headers.add('Access-Control-Allow-Origin', '*') + if settings.DEBUG: res.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate' res.headers['Pragma'] = 'no-cache' @@ -35,10 +42,12 @@ def after_request(res): res.headers['Cache-Control'] = 'public, max-age=0' return res + @app.teardown_appcontext def shutdown_session(**kwargs): db_session.remove() + @app.errorhandler(404) def error(err): - return 'Error', 404 \ No newline at end of file + return 'Error', 404