vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add X-Requested-With header to allowed CORS headers

Browse source 
Will fix the API explorer
This commit is contained in:
Joseph Schorr 2018-02-21 14:21:27 -05:00
parent d77aa9228f
commit bcd9b680fa
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
endpoints/api/__init__.py
View file

@ -32,8 +32,10 @@ logger = logging.getLogger(__name__)
api_bp = Blueprint('api', __name__)
CROSS_DOMAIN_HEADERS = ['Authorization', 'Content-Type', 'X-Requested-With']
class ApiExceptionHandlingApi(Api):
@crossdomain(origin='*', headers=['Authorization', 'Content-Type'])
@crossdomain(origin='*', headers=CROSS_DOMAIN_HEADERS)
def handle_error(self, error):
return super(ApiExceptionHandlingApi, self).handle_error(error)
@ -41,7 +43,7 @@ class ApiExceptionHandlingApi(Api):
api = ApiExceptionHandlingApi()
api.init_app(api_bp)
api.decorators = [csrf_protect(),
crossdomain(origin='*', headers=['Authorization', 'Content-Type']),
crossdomain(origin='*', headers=CROSS_DOMAIN_HEADERS),
process_oauth, time_decorator(api_bp.name, metric_queue),
require_xhr_from_browser]