diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py index 5d591d84..de73385f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py @@ -104,11 +104,14 @@ def create_app() -> flask.app.Flask: app.register_blueprint(api_error_blueprint) app.register_blueprint(admin_blueprint, url_prefix="/admin") + # preflight options requests will be allowed if they meet the requirements of the url regex. + # we will add an Access-Control-Max-Age header to the response to tell the browser it doesn't + # need to continually keep asking for the same path. origins_re = [ r"^https?:\/\/%s(.*)" % o.replace(".", r"\.") for o in app.config["CORS_ALLOW_ORIGINS"] ] - CORS(app, origins=origins_re) + CORS(app, origins=origins_re, max_age=3600) connexion_app.add_api("api.yml", base_path="/v1.0")