Angel/fix cors error swagger (#32)

* Feat: write a return message * fix: upgradeCORS params for swagger
Angel-Dijoux · Jan 16, 2024 · c6b128e · c6b128e
1 parent 5448e6c
commit c6b128e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/src/config/swagger.py b/src/config/swagger.py
@@ -36,11 +36,7 @@ def get_swagger_api_spec(
 swagger_config = {
     "host": ["localhost:5005" if is_dev() else "api.nc-elki.v6.army"],
     "schemes": ["http" if is_dev() else "https"],
-    "headers": [
-        ("Access-Control-Allow-Origin", "*"),
-        ("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"),
-        ("Access-Control-Allow-Credentials", "true"),
-    ],
+    "headers": [],
     "specs": [
         {
             "endpoint": "apispec",

diff --git a/src/middlewares.py b/src/middlewares.py
@@ -1,5 +1,7 @@
 from flask import Response
 
+from src.constants.env import is_dev
+
 
 def add_security_headers(response: Response) -> Response:
     response.headers.add("X-Content-Type-Options", "nosniff")
@@ -10,6 +12,14 @@ def add_security_headers(response: Response) -> Response:
     response.headers.add(
         "Access-Control-Allow-Methods", ",".join(["GET", "POST", "DELETE"])
     )
+    response.headers.add(
+        "Access-Control-Allow-Origin",
+        "".join(
+            ["http://127.0.0.1:5005" if is_dev() else "https://api.nc-elki.v6.army"]
+        ),
+    )
+    response.headers.add("Access-Control-Allow-Headers", "Authorization, Content-Type")
+    response.headers.add("Access-Control-Max-Age", "1728000")
     response.headers.add("X-XSS-Protection", "1; mode=block")
     response.headers.set("Server", "Jojo's")