From 5abe4cf704b194a200e6454d652bb14a38811b4a Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@mailbox.org>
Date: Wed, 30 Sep 2020 07:45:14 +0000
Subject: [PATCH] (re)added cors to public api

---
 src/httpapi/security/public.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/httpapi/security/public.py b/src/httpapi/security/public.py
index f38a5278..ac171342 100644
--- a/src/httpapi/security/public.py
+++ b/src/httpapi/security/public.py
@@ -63,16 +63,20 @@ class PublicAPISecurity:
             resp = httpheaders.set_default_onionr_http_headers(resp)
             # Network API version
             resp.headers['X-API'] = public_api.API_VERSION
+            resp.headers['Access-Control-Allow-Origin'] = "*"
             # Delete some HTTP headers for Onionr user agents
             NON_NETWORK_HEADERS = (
                 'Content-Security-Policy', 'X-Frame-Options',
                 'X-Content-Type-Options', 'Feature-Policy',
                 'Clear-Site-Data', 'Referrer-Policy')
 
+            # For other nodes, we don't need to waste bits on the above headers
             try:
                 if g.is_onionr_client:
                     for header in NON_NETWORK_HEADERS:
                         del resp.headers[header]
+                else:
+                    del resp.headers['X-API']
             except AttributeError:
                 abort(403)