From c6b128ed940e9975663fb3f5fc9aafb941f3c908 Mon Sep 17 00:00:00 2001
From: Angel Dijoux <77701490+Angel-Dijoux@users.noreply.github.com>
Date: Tue, 16 Jan 2024 23:54:37 +0100
Subject: [PATCH] Angel/fix cors error swagger (#32)
* Feat: write a return message
* fix: upgradeCORS params for swagger
---
 src/config/swagger.py | 6 +-----
 src/middlewares.py | 10 ++++++++++
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/config/swagger.py b/src/config/swagger.py
index b476efc..274732d 100644
--- a/src/config/swagger.py
+++ b/src/config/swagger.py
@@ -36,11 +36,7 @@ def get_swagger_api_spec(
 swagger_config = {
 "host": ["localhost:5005" if is_dev() else "api.nc-elki.v6.army"],
 "schemes": ["http" if is_dev() else "https"],
- "headers": [
- ("Access-Control-Allow-Origin", "*"),
- ("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"),
- ("Access-Control-Allow-Credentials", "true"),
- ],
+ "headers": [],
 "specs": [
 {
 "endpoint": "apispec",
diff --git a/src/middlewares.py b/src/middlewares.py
index 137db54..a94664b 100644
--- a/src/middlewares.py
+++ b/src/middlewares.py
@@ -1,5 +1,7 @@
 from flask import Response
+from src.constants.env import is_dev
+
 def add_security_headers(response: Response) -> Response:
 response.headers.add("X-Content-Type-Options", "nosniff")
@@ -10,6 +12,14 @@ def add_security_headers(response: Response) -> Response:
 response.headers.add(
 "Access-Control-Allow-Methods", ",".join(["GET", "POST", "DELETE"])
 )
+ response.headers.add(
+ "Access-Control-Allow-Origin",
+ "".join(
+ ["http://127.0.0.1:5005" if is_dev() else "https://api.nc-elki.v6.army"]
+ ),
+ )
+ response.headers.add("Access-Control-Allow-Headers", "Authorization, Content-Type")
+ response.headers.add("Access-Control-Max-Age", "1728000")
 response.headers.add("X-XSS-Protection", "1; mode=block")
 response.headers.set("Server", "Jojo's")
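Review bot: The new `Access-Control-Allow-Origin` header in add_security_headers is appended with `response.headers.add(...)`, so if any other layer also sets that header (a CORS extension or a per-route handler, neither visible in this patch) the response would carry two values, which browsers treat as a CORS failure. `response.headers.set("Access-Control-Allow-Origin", ...)`, the call already used for `Server` in the same function, replaces the header instead of appending to it. The `"".join([...])` around a one-element list is a no-op, so the value can be passed directly as `"http://127.0.0.1:5005" if is_dev() else "https://api.nc-elki.v6.army"`. The `Access-Control-Max-Age` of `1728000` is far above what browsers honour for preflight caching, so a shorter value would describe the real behaviour and let a later policy change reach clients sooner. The function body starts before this hunk and continues past it.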