From 9aed6d183709a772f8019d2d4d6fc2ce96cf780f Mon Sep 17 00:00:00 2001 From: arabcoders Date: Mon, 12 May 2025 17:02:08 +0300 Subject: [PATCH] Fix CORS issue with extensions --- app/library/HttpAPI.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/app/library/HttpAPI.py b/app/library/HttpAPI.py index 22419247..9f65c0cb 100644 --- a/app/library/HttpAPI.py +++ b/app/library/HttpAPI.py @@ -150,10 +150,11 @@ class HttpAPI(Common): if "Server" in response.headers: del response.headers["Server"] - if "Origin" in request.headers: - response.headers["Access-Control-Allow-Origin"] = request.headers["Origin"] - response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization" - response.headers["Access-Control-Allow-Methods"] = "GET, PATCH, PUT, POST, DELETE" + response.headers["Access-Control-Allow-Origin"] = request.headers.get("Origin", "*") + response.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization" + response.headers["Access-Control-Allow-Methods"] = "GET, PATCH, PUT, POST, DELETE" + response.headers["Access-Control-Allow-Credentials"] = "true" + response.headers["Access-Control-Max-Age"] = str(60 * 15) try: app.on_response_prepare.append(on_prepare)