Enable CORS to allow access from GN2 javascript

3 files changed, 15 insertions, 0 deletions

diff --git a/.guix/modules/gn-auth.scm b/.guix/modules/gn-auth.scm
index ec91df0..4a7a400 100644
--- a/.guix/modules/gn-auth.scm
+++ b/.guix/modules/gn-auth.scm
@@ -60,6 +60,7 @@
        ("python-authlib" ,python-authlib)
        ("python-pymonad" ,python-pymonad)
        ("yoyo-migrations" ,yoyo-migrations)
+       ("python-flask-cors" ,python-flask-cors)
        ("python-mysqlclient" ,python-mysqlclient)
        ("python-argon2-cffi" ,python-argon2-cffi)
        ("python-email-validator" ,python-email-validator)))
diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py
index 8bd0093..79f52fd 100644
--- a/gn_auth/__init__.py
+++ b/gn_auth/__init__.py
@@ -5,6 +5,7 @@ import logging
 from typing import Optional
 
 from flask import Flask
+from flask_cors import CORS
 
 from gn_auth.misc_views import misc
 from gn_auth.auth.views import oauth2
@@ -76,6 +77,12 @@ def create_app(config: Optional[dict] = None) -> Flask:
     setup_logging_handlers(app)
     setup_oauth2_server(app)
 
+    CORS(
+        app,
+        origins=app.config["CORS_ORIGINS"],
+        allow_headers=app.config["CORS_HEADERS"],
+        supports_credentials=True, intercept_exceptions=False)
+
     ## Blueprints
     app.register_blueprint(misc, url_prefix="/")
     app.register_blueprint(oauth2, url_prefix="/auth")
diff --git a/gn_auth/settings.py b/gn_auth/settings.py
index e8611bf..394c557 100644
--- a/gn_auth/settings.py
+++ b/gn_auth/settings.py
@@ -19,3 +19,10 @@ REDIS_URI = "redis://localhost:6379/0"
 OAUTH2_SCOPE = (
     "profile", "group", "role", "resource", "user", "masquerade",
     "introspect")
+
+CORS_ORIGINS = "*"
+CORS_HEADERS = [
+    "Content-Type",
+    "Authorization",
+    "Access-Control-Allow-Credentials"
+]