From d315476fb81382dd2a0902a01b5764b4d723805b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl=20Sch=C3=B6nfelder?= <carl@schonfelder.se>
Date: Wed, 31 Mar 2021 08:35:46 +0200
Subject: [PATCH] fix: cors

---
 server/app/__init__.py  | 8 +++++++-
 server/app/apis/auth.py | 7 ++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/server/app/__init__.py b/server/app/__init__.py
index 7b5a8add..276e4552 100644
--- a/server/app/__init__.py
+++ b/server/app/__init__.py
@@ -1,4 +1,5 @@
 from flask import Flask, redirect, request
+from flask_cors import CORS
 
 import app.core.models as models
 from app.core import bcrypt, db, jwt
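Review bot: `CORS` is imported here but none of the visible hunks in this file use it; the header is instead set by hand in the `after_request` hook added further down in `create_app`. Either drop the import, and with it the `flask_cors` dependency, or use the extension in place of the hook with an explicit origin list, e.g. `CORS(app, origins=app.config["CORS_ORIGINS"])`. If the import stays unused, the app still fails to start wherever `flask_cors` is not installed.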
@@ -8,7 +9,6 @@ def create_app(config_name="configmodule.DevelopmentConfig"):
     app = Flask(__name__)
     app.config.from_object(config_name)
     app.url_map.strict_slashes = False
-
     with app.app_context():
 
         bcrypt.init_app(app)
@@ -25,6 +25,12 @@ def create_app(config_name="configmodule.DevelopmentConfig"):
             if rp != "/" and rp.endswith("/"):
                 return redirect(rp[:-1])
 
+        @app.after_request
+        def set_core(response):
+            header = response.headers
+            header["Access-Control-Allow-Origin"] = "*"
+            return response
+
         return app
 
 
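Review bot: The `after_request` hook sets `Access-Control-Allow-Origin: *` on every response the app produces, including the auth endpoints that return tokens, so a page on any origin can read those responses in a browser. I would echo the request's `Origin` only when it appears in a configured allowlist, add `Vary: Origin` so caches keep per-origin responses apart, and rename `set_core` to `set_cors`. The hook does not answer preflight requests either: if the client sends the JWT in an `Authorization` header (assumed, the transport is not visible here), the OPTIONS response also needs `Access-Control-Allow-Headers`. The config key in the sketch below is a placeholder name, not one the project defines.

```python
@app.after_request
def set_cors(response):
    # CORS_ALLOWED_ORIGINS: placeholder config key holding the trusted front-end origins
    origin = request.headers.get("Origin")
    if origin in app.config.get("CORS_ALLOWED_ORIGINS", ()):
        response.headers["Access-Control-Allow-Origin"] = origin
        response.headers.add("Vary", "Origin")
    return response
```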
diff --git a/server/app/apis/auth.py b/server/app/apis/auth.py
index 06706127..a425f904 100644
--- a/server/app/apis/auth.py
+++ b/server/app/apis/auth.py
@@ -11,7 +11,7 @@ from flask_jwt_extended import (
     jwt_refresh_token_required,
     jwt_required,
 )
-from flask_restx import Namespace, Resource
+from flask_restx import Namespace, Resource, cors
 
 api = Namespace("auth")
 
@@ -23,6 +23,7 @@ def get_user_claims(item_user):
 @api.route("/signup")
 class AuthSignup(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def post(self):
         args = create_user_parser.parse_args(strict=True)
         email = args.get("email")
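Review bot: `@cors.crossdomain(origin="*")` on `AuthSignup.post` duplicates the `Access-Control-Allow-Origin: *` header that the `after_request` hook in `server/app/__init__.py` (same commit) already puts on every response, leaving two places to keep in sync. The same applies to the decorators added on `AuthDelete.delete`, `AuthLogin.post`, `AuthLogout.post` and `AuthRefresh.post`. Because it sits below `@jwt_required`, the decorator is not reached when token validation rejects the request, and being attached to `post` it is unlikely to see the browser's OPTIONS preflight. I would keep a single mechanism with one origin allowlist and drop these per-method decorators. The body of `post` continues outside the hunk.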
@@ -44,6 +45,7 @@ class AuthSignup(Resource):
 @api.param("ID")
 class AuthDelete(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def delete(self, ID):
         item_user = User.query.filter(User.id == ID).first()
         dbc.delete(item_user)
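Review bot: In the visible lines of `AuthDelete.delete`, the row is looked up by the URL `ID` and passed straight to `dbc.delete`, with no check that the caller's JWT identity matches `ID` or carries an administrative role. Nothing handles `.first()` returning `None` either. This matters more now that the commit makes the endpoint's responses readable from any origin. Unless the authorization check lives elsewhere (the method continues outside the hunk), compare the token identity with `ID` before deleting, and return a 404 for a missing row, e.g. `if item_user is None: api.abort(404)`.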
@@ -55,6 +57,7 @@ class AuthDelete(Resource):
 
 @api.route("/login")
 class AuthLogin(Resource):
+    @cors.crossdomain(origin="*")
     def post(self):
         args = login_parser.parse_args(strict=True)
         email = args.get("email")
@@ -74,6 +77,7 @@ class AuthLogin(Resource):
 @api.route("/logout")
 class AuthLogout(Resource):
     @jwt_required
+    @cors.crossdomain(origin="*")
     def post(self):
         jti = get_raw_jwt()["jti"]
         dbc.add.blacklist(jti)
@@ -84,6 +88,7 @@ class AuthLogout(Resource):
 class AuthRefresh(Resource):
     @jwt_required
     @jwt_refresh_token_required
+    @cors.crossdomain(origin="*")
     def post(self):
         old_jti = get_raw_jwt()["jti"]
 
-- 
GitLab