From c821b2ad17f029ceab4d5fbdc0ff0be6a532aa6e Mon Sep 17 00:00:00 2001 From: burnettk Date: Tue, 6 Dec 2022 08:24:02 -0500 Subject: [PATCH] update cors handling to make it more efficient --- spiffworkflow-backend/src/spiffworkflow_backend/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py index 5d591d84..de73385f 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/__init__.py @@ -104,11 +104,14 @@ def create_app() -> flask.app.Flask: app.register_blueprint(api_error_blueprint) app.register_blueprint(admin_blueprint, url_prefix="/admin") + # preflight options requests will be allowed if they meet the requirements of the url regex. + # we will add an Access-Control-Max-Age header to the response to tell the browser it doesn't + # need to continually keep asking for the same path. origins_re = [ r"^https?:\/\/%s(.*)" % o.replace(".", r"\.") for o in app.config["CORS_ALLOW_ORIGINS"] ] - CORS(app, origins=origins_re) + CORS(app, origins=origins_re, max_age=3600) connexion_app.add_api("api.yml", base_path="/v1.0")