diff --git a/app/main.py b/app/main.py
index 11c03fb..9bb53cd 100644
--- a/app/main.py
+++ b/app/main.py
@@ -3,6 +3,7 @@
 from fastapi.responses import HTMLResponse
 from fastapi.staticfiles import StaticFiles
 from fastapi.templating import Jinja2Templates
+from fastapi.middleware.cors import CORSMiddleware
 from typing import Annotated
 from uuid import UUID
@@ -33,6 +34,14 @@
 app = FastAPI()
+app.add_middleware(
+ CORSMiddleware,
+ allow_origins=["*"],
+ allow_credentials=False,
+ allow_methods=["GET", "POST", "PUT", "DELETE"],
+ allow_headers=["*"]
+ )
+
 app.include_router(author.router)
 app.include_router(output.router)
 app.include_router(country.router)
diff --git a/app/test_main.py b/app/test_main.py
index 048f240..72b4666 100644
--- a/app/test_main.py
+++ b/app/test_main.py
@@ -143,3 +143,30 @@ def test_workstream_error_on_not_exist(self):
 """
 response = client.get("/api/workstreams/XXX")
 assert response.status_code == 404
+
+class TestCORS:
+ def test_cors_preflight(self):
+ response = client.options("/api/authors", headers={
+ "Origin": "http://localhost:3000",
+ "Access-Control-Request-Method": "GET",
+ "Access-Control-Request-Headers": "Content-Type"
+ })
+ assert response.status_code == 200
+ assert response.headers["access-control-allow-origin"] == "*"
+ assert "GET" in response.headers["access-control-allow-methods"]
+
+ def test_cors_headers_on_response(self):
+ response = client.get("/api/authors", headers={
+ "Origin": "http://localhost:3000"
+ })
+ assert response.status_code == 200
+ assert response.headers["access-control-allow-origin"] == "*"
+
+ def test_cors_credentials(self):
+ response = client.options("/api/authors", headers={
+ "Origin": "http://localhost:3000",
+ "Access-Control-Request-Method": "GET",
+ "Access-Control-Request-Headers": "Content-Type, Authorization"
+ })
+ assert response.status_code == 200
+ assert "authorization" in response.headers["access-control-allow-headers"].lower()
\ No newline at end of file
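Review bot: `allow_origins=["*"]` in the `app.add_middleware(...)` call in app/main.py lets a script served from any website read every response of this API in a visitor's browser, and with `allow_headers=["*"]` plus the PUT/DELETE entries in `allow_methods` the preflight for modifying requests succeeds for any origin as well. `allow_credentials=False` is the correct pairing for a wildcard, but it gives no protection if access to the service depends on network position (an internal host or localhost) rather than on a token; whether the included routers enforce authentication is not visible in this hunk. Unless the API is intended to be fully public, I would load the origins from configuration, e.g. `allow_origins=ALLOWED_ORIGINS,` (placeholder name for a list read from settings), and add a comment above the call naming the front ends that are expected to call it.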
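Review bot: `test_cors_credentials` in `TestCORS` (app/test_main.py) never checks credentials; it only asserts that `Authorization` appears in `access-control-allow-headers`, so a later switch to `allow_credentials=True` would pass unnoticed. I would rename it (for example `test_cors_allows_authorization_header`) and pin the policy with `assert "access-control-allow-credentials" not in response.headers`. A negative case is also missing: a preflight whose `Access-Control-Request-Method` is outside the configured list, such as `PATCH`, should be asserted as rejected. The tests also hard-code `== "*"` for the allowed origin, which encodes the wildcard as the expected policy rather than checking the behaviour for a specific permitted and a specific unlisted origin.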