From b5a08177605a0686ef95f3675e38177296dd3ee4 Mon Sep 17 00:00:00 2001
From: zwitschi
Date: Thu, 30 Oct 2025 13:06:08 +0100
Subject: [PATCH] fix: format code for better readability and add CORS handling for OPTIONS requests
---
 server/middleware.py | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/server/middleware.py b/server/middleware.py
index 54605a6..f753d26 100644
--- a/server/middleware.py
+++ b/server/middleware.py
@@ -44,7 +44,8 @@ def register_request_hooks(app: Flask) -> None:
 @app.after_request
 def add_request_id_header(response): # type: ignore[unused-ignore]
 try:
- rid = getattr(request, "request_id", None) or request.environ.get("HTTP_X_REQUEST_ID")
+ rid = getattr(request, "request_id", None) or request.environ.get(
+ "HTTP_X_REQUEST_ID")
 if rid:
 response.headers["X-Request-Id"] = rid
@@ -62,7 +63,27 @@ def register_request_hooks(app: Flask) -> None:
 pass
 start_time = getattr(g, "_start_time", None)
- observe_request(request.method, request.path, start_time, response.status_code)
+ observe_request(request.method, request.path,
+ start_time, response.status_code)
 except Exception:
 pass
 return response
+
+ @app.after_request
+ def add_cors_headers(response): # type: ignore[unused-ignore]
+ # Add CORS headers for embedded forms
+ if request.path.startswith("/api/"):
+ response.headers["Access-Control-Allow-Origin"] = "*"
+ response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+ response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
+
+ return response
+
+ @app.before_request
+ def handle_options(): # type: ignore[unused-ignore]
+ if request.method == "OPTIONS":
+ response = app.response_class()
+ response.headers["Access-Control-Allow-Origin"] = "*"
+ response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+ response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
+ return response
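Review bot: `handle_options` in the second hunk answers every OPTIONS request on every path with an empty response and `Access-Control-Allow-Origin: *`, while `add_cors_headers` is limited to `/api/`, so the preflight hook bypasses routing and Flask's own OPTIONS handling for the whole app; at minimum guard it with `if request.method == "OPTIONS" and request.path.startswith("/api/"):`. The wildcard origin together with `Authorization` in the allowed headers and PUT/DELETE in the allowed methods lets a page on any origin call the API and read its responses, which is broader than the "embedded forms" the comment names; an origin allowlist that echoes the matched origin and sets `Vary: Origin` would narrow that. Because `after_request` hooks also run on a response returned from `before_request`, the header block only needs to live in one place. The sketch below uses `CORS_ALLOWED_ORIGINS` as a proposed config key that is not part of this patch. `register_request_hooks` starts outside the hunk.

```python
    # ... unchanged: add_request_id_header and metrics hook ...

    def _apply_cors(response):
        # CORS_ALLOWED_ORIGINS: proposed config key, an iterable of exact origins
        origin = request.headers.get("Origin")
        if origin and origin in app.config.get("CORS_ALLOWED_ORIGINS", ()):
            response.headers["Access-Control-Allow-Origin"] = origin
            response.headers.add("Vary", "Origin")
            response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
            response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
        return response

    @app.after_request
    def add_cors_headers(response):  # type: ignore[unused-ignore]
        if request.path.startswith("/api/"):
            _apply_cors(response)
        return response

    @app.before_request
    def handle_options():  # type: ignore[unused-ignore]
        # Only short-circuit API preflights; add_cors_headers fills in the headers.
        if request.method == "OPTIONS" and request.path.startswith("/api/"):
            return app.response_class()
```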