From bcd9b680faf21b3e141a831a1bf6a605d8887aa9 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Wed, 21 Feb 2018 14:21:27 -0500 Subject: [PATCH] Add X-Requested-With header to allowed CORS headers Will fix the API explorer --- endpoints/api/__init__.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py index f0d59913e..cf660b41c 100644 --- a/endpoints/api/__init__.py +++ b/endpoints/api/__init__.py @@ -32,8 +32,10 @@ logger = logging.getLogger(__name__) api_bp = Blueprint('api', __name__) +CROSS_DOMAIN_HEADERS = ['Authorization', 'Content-Type', 'X-Requested-With'] + class ApiExceptionHandlingApi(Api): - @crossdomain(origin='*', headers=['Authorization', 'Content-Type']) + @crossdomain(origin='*', headers=CROSS_DOMAIN_HEADERS) def handle_error(self, error): return super(ApiExceptionHandlingApi, self).handle_error(error) @@ -41,7 +43,7 @@ class ApiExceptionHandlingApi(Api): api = ApiExceptionHandlingApi() api.init_app(api_bp) api.decorators = [csrf_protect(), - crossdomain(origin='*', headers=['Authorization', 'Content-Type']), + crossdomain(origin='*', headers=CROSS_DOMAIN_HEADERS), process_oauth, time_decorator(api_bp.name, metric_queue), require_xhr_from_browser]