API: Setting for CORS allowance in UI
There is now flask-cors implemented in the backend code. We use a decorator for the /api/ route to handle CORS. To specify, which sites are allowed to pull data from the /api/, a global variable in default.py named CORS_ALLOWANCE = '*' was created. So for now, people can change the CORS allowance through the production.py, where they can set CORS_ALLOWANCE to * (asterisk) to allow any sites or specify one or more sites with a string, regex or a list (cf. https://flask-cors.readthedocs.io/en/latest/api.html#decorator).
So for an easier usage, it would be nice to have the possibility to modify this also in the UI.
Wiki page: CORS
Updated by Alexander Watzinger 10 months ago
- Target version changed from Wishlist to 5.3.0
- Assignee changed from Christoph Hoffmann to Bernhard Koschicek
- Status changed from New to Assigned
- Category changed from UI to API
Beside CORS_ALLOWANCE there is also a API_SCHEMA configuration value in default.py which I could move to the API settings in backend. Since the schema is place specific I could implement it as:
- api_cors_allowance (default: *)
- api_schema_place (default: https://raw.githubusercontent.com/LinkedPasts/linked-places/master/linkedplaces-context-v1.jsonld)
@ Berni: does this sound right to you? Please assign to me if answered because moving settings to backend admin is more in my area.
Updated by Alexander Watzinger 9 months ago
- Target version changed from 5.3.0 to 5.5.0
- Assignee deleted (
- Status changed from Assigned to Acknowledged
Moving ticket to next version because database updates will be needed. Until now we have none for this version which makes updating instances much easier. The next version after this will have database updates anyway.
@ Berni: hoping this doesn't affect your development in any way.