(re)added cors to public api
parent
ab9726a41a
commit
5abe4cf704
|
@ -63,16 +63,20 @@ class PublicAPISecurity:
|
||||||
resp = httpheaders.set_default_onionr_http_headers(resp)
|
resp = httpheaders.set_default_onionr_http_headers(resp)
|
||||||
# Network API version
|
# Network API version
|
||||||
resp.headers['X-API'] = public_api.API_VERSION
|
resp.headers['X-API'] = public_api.API_VERSION
|
||||||
|
resp.headers['Access-Control-Allow-Origin'] = "*"
|
||||||
# Delete some HTTP headers for Onionr user agents
|
# Delete some HTTP headers for Onionr user agents
|
||||||
NON_NETWORK_HEADERS = (
|
NON_NETWORK_HEADERS = (
|
||||||
'Content-Security-Policy', 'X-Frame-Options',
|
'Content-Security-Policy', 'X-Frame-Options',
|
||||||
'X-Content-Type-Options', 'Feature-Policy',
|
'X-Content-Type-Options', 'Feature-Policy',
|
||||||
'Clear-Site-Data', 'Referrer-Policy')
|
'Clear-Site-Data', 'Referrer-Policy')
|
||||||
|
|
||||||
|
# For other nodes, we don't need to waste bits on the above headers
|
||||||
try:
|
try:
|
||||||
if g.is_onionr_client:
|
if g.is_onionr_client:
|
||||||
for header in NON_NETWORK_HEADERS:
|
for header in NON_NETWORK_HEADERS:
|
||||||
del resp.headers[header]
|
del resp.headers[header]
|
||||||
|
else:
|
||||||
|
del resp.headers['X-API']
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue