Feature #1299
closed
API: Setting for CORS allowance in UI
Description
There is now flask-cors implemented in the backend code. We use a decorator for the /api/ route to handle CORS. To specify, which sites are allowed to pull data from the /api/, a global variable in default.py named CORS_ALLOWANCE = '*' was created. So for now, people can change the CORS allowance through the production.py, where they can set CORS_ALLOWANCE to * (asterisk) to allow any sites or specify one or more sites with a string, regex or a list (cf. https://flask-cors.readthedocs.io/en/latest/api.html#decorator).
So for an easier usage, it would be nice to have the possibility to modify this also in the UI.
Wiki page: CORS
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Description updated (diff)
Updated by Alexander Watzinger over 4 years ago
- Category changed from UI to API
- Status changed from New to Assigned
- Assignee changed from Christoph Hoffmann to Bernhard Koschiček-Krombholz
- Target version changed from Wishlist to 5.3.0
Beside CORS_ALLOWANCE there is also a API_SCHEMA configuration value in default.py which I could move to the API settings in backend. Since the schema is place specific I could implement it as:
- api_cors_allowance (default: *)
- api_schema_place (default: https://raw.githubusercontent.com/LinkedPasts/linked-places/master/linkedplaces-context-v1.jsonld)
@ Berni: does this sound right to you? Please assign to me if answered because moving settings to backend admin is more in my area.
Updated by Bernhard Koschiček-Krombholz over 4 years ago
- Assignee changed from Bernhard Koschiček-Krombholz to Alexander Watzinger
Yes, sounds good to me. So it is possible to modified in the UI under Admin/Data/API?
Updated by Alexander Watzinger over 4 years ago
- Subject changed from Setting CORS allowance in UI to API: Setting for CORS allowance in UI
Yes, I will move these 2 settings from default.py to the database (website.settings) which than can be configured in admin/data/api
Updated by Alexander Watzinger over 4 years ago
- Status changed from Assigned to Acknowledged
- Assignee deleted (
Alexander Watzinger) - Target version changed from 5.3.0 to 5.5.0
Moving ticket to next version because database updates will be needed. Until now we have none for this version which makes updating instances much easier. The next version after this will have database updates anyway.
@ Berni: hoping this doesn't affect your development in any way.
Updated by Alexander Watzinger about 4 years ago
- Status changed from Acknowledged to Closed
- Assignee set to Bernhard Koschiček-Krombholz
Changing value in back end settings will be implemented in next version. For now it can be set in production.ini
Updated by Alexander Watzinger about 4 years ago
- Target version changed from 5.5.0 to 5.4.0