CORS

To allow Cross Origin Resource Sharing (CORS), OpenAtlas API uses flask-cors. Every path of the /api/ is protected, but the access can come from everywhere right now ('*')

cors = CORS(app, resources={r"/api/*": {"origins": app.config['CORS_ALLOWANCE']}})

Origins point to a global variable, which can be changed in the instance/production.py. Default value:

 CORS_ALLOWANCE = '*'  

The value can be a case-sensitive string, for a single point of origin, a regex expression, a list or an asterisk (*) as wildcard.
Examples:

CORS_ALLOWANCE = 'https://thanados.net/'
CORS_ALLOWANCE = ['https://thanados.net/', 'https://openatlas.eu/']
CORS_ALLOWANCE = r'^((https?:\/\/)?.*?([\w\d-]*\.[\w\d]+))($|\/.*$)'

Links

https://flask-cors.readthedocs.io/