From 5abe4cf704b194a200e6454d652bb14a38811b4a Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Wed, 30 Sep 2020 07:45:14 +0000 Subject: [PATCH] (re)added cors to public api --- src/httpapi/security/public.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/httpapi/security/public.py b/src/httpapi/security/public.py index f38a5278..ac171342 100644 --- a/src/httpapi/security/public.py +++ b/src/httpapi/security/public.py @@ -63,16 +63,20 @@ class PublicAPISecurity: resp = httpheaders.set_default_onionr_http_headers(resp) # Network API version resp.headers['X-API'] = public_api.API_VERSION + resp.headers['Access-Control-Allow-Origin'] = "*" # Delete some HTTP headers for Onionr user agents NON_NETWORK_HEADERS = ( 'Content-Security-Policy', 'X-Frame-Options', 'X-Content-Type-Options', 'Feature-Policy', 'Clear-Site-Data', 'Referrer-Policy') + # For other nodes, we don't need to waste bits on the above headers try: if g.is_onionr_client: for header in NON_NETWORK_HEADERS: del resp.headers[header] + else: + del resp.headers['X-API'] except AttributeError: abort(403)