CORS support (#5)

Support for CORS has been added in main module. - all origin is allowed (*) - all methods are allowed (*) - LOGIN route now only POST requests Signed-off-by: Veljko Tekelerović <[email protected]>
vexy · Mar 29, 2020 · 5f7def9 · 5f7def9
1 parent 817db4f
commit 5f7def9
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,8 @@
 This repository represents the source code template for micro webserver that provides authentication gate for your protected resources.
 
 It is written in `Python` using `Flask` framework and relies on `JWT` authentication mechanism.  
-Some of the provided strategies are to basic/simple for **serious**, production level webserver. Use this template as starting point for more complex projects and requirements.
+Some of the provided strategies are to basic/simple for **serious**, production level webserver.  
+Use this template as starting point for more complex projects and requirements.
 
 ### JWT based
 `JSON Web Tokens` - or [JWT](https://jwt.io/) in short - is the foundation authentication principle used in this template.  
@@ -18,9 +19,12 @@ Template is designed to support modular structure. Main application modules are
 ### Different authentication strategies
 Presented here is basic HTTP AUTHENTICATION through Authentication field. Note there are **way secure** authentication mechanisms, such as `OAuth`.
 
+#### CORS setup
+For the sake of simplicity, CORS has been enabled completely. Server will accept all origins no matter where the request comes from. Check and/or modify `@app.after_request` directive to further customise desired behaviour (lines [20-24](https://github.com/vexy/flask-auth-template/blob/master/main-module.py#L20-L24) in `main-module.py`).
+
 ### Installation
 Before you begin:
-```
+```bash
 git clone
 cd flask-auth-template
 ```

diff --git a/install-dependencies.sh b/install-dependencies.sh
@@ -1,3 +1,3 @@
 # pip packages
-echo "Installing needed modules via pip..."
+echo -e "\e[5mInstalling project dependencies\e[0m"
 pip3 install -r requirements.txt
diff --git a/main-module.py b/main-module.py
@@ -16,6 +16,13 @@
     app.register_blueprint(authRoute)
     app.register_blueprint(protectedRoute)
 
+# make sure this is turned off
+@app.after_request
+def attachCORSHeader(response):
+    response.headers.set('Access-Control-Allow-Headers', '*')
+    response.headers.set('Access-Control-Allow-Origin', '*')
+    return response
+
 # Publicly accessible routes
 # ------------------------------
 @app.route('/')

diff --git a/modules/auth.py b/modules/auth.py
@@ -9,7 +9,7 @@
 # public blueprint exposure
 authRoute = Blueprint('auth', __name__)
 
-@authRoute.route('/login')
+@authRoute.route('/login', methods=['POST'])
 def login():
     # get authorization field from HTTP request, early exit if it's not present
     auth = request.authorization