From 154a9e0dbb34765b29d8e9d64dd3dd086a3276dc Mon Sep 17 00:00:00 2001
From: Jack Greenlee
Date: Tue, 27 Aug 2024 23:01:39 -0400
Subject: [PATCH] enable CORS in cfc_webapp

This is necessary for https://github.com/e-mission/e-mission-phone/pull/1169 to be able to make requests to the server from a browser
---
 emission/net/api/cfc_webapp.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/emission/net/api/cfc_webapp.py b/emission/net/api/cfc_webapp.py
index e23cd5e23..ad343aef5 100644
--- a/emission/net/api/cfc_webapp.py
+++ b/emission/net/api/cfc_webapp.py
@@ -480,6 +480,18 @@ def after_request():
 msTimeNow, duration)
 stats.store_server_api_time(request.params.user_uuid, "%s_%s_cputime" % (request.method, request.path),
 msTimeNow, new_duration)
+
+ # add headers to allow CORS (Cross-Origin Resource Sharing)
+ # Note: this is only needed for requests made from browsers (i.e. JavaScript fetch)
+ # Requests made from native phone code do not have rules about CORS
+ response.headers['Access-Control-Allow-Origin'] = '*'
+ response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+ response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
+
+# generic route accepting OPTIONS method, needed for CORS preflight
+@route('/<:re:.*>', method='OPTIONS')
+def enable_cors_generic_route():
+ pass

 # Auth helpers BEGIN
 # This should only be used by createUserProfile since we may not have a UUID
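Review bot: `Access-Control-Allow-Origin` is set to `'*'` on every response in `after_request`, so a page served from any origin can call this API from a visitor's browser and read the reply. Under a wildcard browsers only withhold cookies, so a token carried in the request body or a custom header gets no protection from it; how these endpoints authenticate is not visible in this hunk. Consider echoing the request's `Origin` only when it is in a configured allowlist and adding `Vary: Origin` so caches keep per-origin responses apart, as sketched below. The catch-all `OPTIONS` route also answers preflights for paths with no real handler, and the timing code above presumably runs for those preflights too and reads `request.params.user_uuid`, which is worth confirming. `after_request` begins outside this hunk.

```python
    # … unchanged: stats.store_server_api_time(...) timing calls …
    # allowed_origins: placeholder for a set of trusted origins read from the server config
    origin = request.headers.get('Origin')
    if origin in allowed_origins:
        response.headers['Access-Control-Allow-Origin'] = origin
        response.add_header('Vary', 'Origin')
        response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
        response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
```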