(re)added cors to public api

master
Kevin Froman 2020-09-30 07:45:14 +00:00
parent ab9726a41a
commit 5abe4cf704
1 changed files with 4 additions and 0 deletions

View File

@ -63,16 +63,20 @@ class PublicAPISecurity:
resp = httpheaders.set_default_onionr_http_headers(resp) resp = httpheaders.set_default_onionr_http_headers(resp)
# Network API version # Network API version
resp.headers['X-API'] = public_api.API_VERSION resp.headers['X-API'] = public_api.API_VERSION
resp.headers['Access-Control-Allow-Origin'] = "*"
# Delete some HTTP headers for Onionr user agents # Delete some HTTP headers for Onionr user agents
NON_NETWORK_HEADERS = ( NON_NETWORK_HEADERS = (
'Content-Security-Policy', 'X-Frame-Options', 'Content-Security-Policy', 'X-Frame-Options',
'X-Content-Type-Options', 'Feature-Policy', 'X-Content-Type-Options', 'Feature-Policy',
'Clear-Site-Data', 'Referrer-Policy') 'Clear-Site-Data', 'Referrer-Policy')
# For other nodes, we don't need to waste bits on the above headers
try: try:
if g.is_onionr_client: if g.is_onionr_client:
for header in NON_NETWORK_HEADERS: for header in NON_NETWORK_HEADERS:
del resp.headers[header] del resp.headers[header]
else:
del resp.headers['X-API']
except AttributeError: except AttributeError:
abort(403) abort(403)