Project

General

Profile

Feature #1299

API: Setting for CORS allowance in UI

Added by Bernhard Koschicek 4 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Low
Category:
API
Target version:
Start date:
2020-07-07
Estimated time:

Description

There is now flask-cors implemented in the backend code. We use a decorator for the /api/ route to handle CORS. To specify, which sites are allowed to pull data from the /api/, a global variable in default.py named CORS_ALLOWANCE = '*' was created. So for now, people can change the CORS allowance through the production.py, where they can set CORS_ALLOWANCE to * (asterisk) to allow any sites or specify one or more sites with a string, regex or a list (cf. https://flask-cors.readthedocs.io/en/latest/api.html#decorator).

So for an easier usage, it would be nice to have the possibility to modify this also in the UI.

Wiki page: CORS

History

#1

Updated by Bernhard Koschicek 4 months ago

  • Description updated (diff)
#2

Updated by Alexander Watzinger 4 months ago

  • Target version changed from Wishlist to 5.3.0
  • Assignee changed from Christoph Hoffmann to Bernhard Koschicek
  • Status changed from New to Assigned
  • Category changed from UI to API

Beside CORS_ALLOWANCE there is also a API_SCHEMA configuration value in default.py which I could move to the API settings in backend. Since the schema is place specific I could implement it as:

@ Berni: does this sound right to you? Please assign to me if answered because moving settings to backend admin is more in my area.

#3

Updated by Bernhard Koschicek 4 months ago

  • Assignee changed from Bernhard Koschicek to Alexander Watzinger

Yes, sounds good to me. So it is possible to modified in the UI under Admin/Data/API?

#4

Updated by Alexander Watzinger 4 months ago

  • Subject changed from Setting CORS allowance in UI to API: Setting for CORS allowance in UI

Yes, I will move these 2 settings from default.py to the database (website.settings) which than can be configured in admin/data/api

#5

Updated by Alexander Watzinger 4 months ago

  • Target version changed from 5.3.0 to 5.5.0
  • Assignee deleted (Alexander Watzinger)
  • Status changed from Assigned to Acknowledged

Moving ticket to next version because database updates will be needed. Until now we have none for this version which makes updating instances much easier. The next version after this will have database updates anyway.
@ Berni: hoping this doesn't affect your development in any way.

#6

Updated by Alexander Watzinger about 2 months ago

  • Assignee set to Bernhard Koschicek
  • Status changed from Acknowledged to Closed

Changing value in back end settings will be implemented in next version. For now it can be set in production.ini

#7

Updated by Alexander Watzinger about 2 months ago

  • Target version changed from 5.5.0 to 5.4.0

Also available in: Atom PDF