enable CORS on /api endpoints
This commit is contained in:
parent
85bb30abb0
commit
774ffcae3b
|
@ -1,7 +1,6 @@
|
|||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import request
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app import alias_utils
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
|
@ -25,7 +24,6 @@ from app.utils import random_string
|
|||
|
||||
|
||||
@api_bp.route("/aliases", methods=["GET", "POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_aliases():
|
||||
"""
|
||||
|
@ -68,7 +66,6 @@ def get_aliases():
|
|||
|
||||
|
||||
@api_bp.route("/v2/aliases", methods=["GET", "POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_aliases_v2():
|
||||
"""
|
||||
|
@ -121,7 +118,6 @@ def get_aliases_v2():
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>", methods=["DELETE"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def delete_alias(alias_id):
|
||||
"""
|
||||
|
@ -144,7 +140,6 @@ def delete_alias(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>/toggle", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def toggle_alias(alias_id):
|
||||
"""
|
||||
|
@ -170,7 +165,6 @@ def toggle_alias(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>/activities")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_alias_activities(alias_id):
|
||||
"""
|
||||
|
@ -226,7 +220,6 @@ def get_alias_activities(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>", methods=["PUT"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def update_alias(alias_id):
|
||||
"""
|
||||
|
@ -310,7 +303,6 @@ def update_alias(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>", methods=["GET"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_alias(alias_id):
|
||||
"""
|
||||
|
@ -334,7 +326,6 @@ def get_alias(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>/contacts")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_alias_contacts_route(alias_id):
|
||||
"""
|
||||
|
@ -368,7 +359,6 @@ def get_alias_contacts_route(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/aliases/<int:alias_id>/contacts", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def create_contact_route(alias_id):
|
||||
"""
|
||||
|
@ -423,7 +413,6 @@ def create_contact_route(alias_id):
|
|||
|
||||
|
||||
@api_bp.route("/contacts/<int:contact_id>", methods=["DELETE"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def delete_contact(contact_id):
|
||||
"""
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
from flask import jsonify, request, g
|
||||
from flask_cors import cross_origin
|
||||
from sqlalchemy import desc
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
|
@ -12,7 +11,6 @@ from app.utils import convert_to_id, random_word
|
|||
|
||||
|
||||
@api_bp.route("/alias/options")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def options():
|
||||
"""
|
||||
|
@ -88,7 +86,6 @@ def options():
|
|||
|
||||
|
||||
@api_bp.route("/v2/alias/options")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def options_v2():
|
||||
"""
|
||||
|
@ -169,7 +166,6 @@ def options_v2():
|
|||
|
||||
|
||||
@api_bp.route("/v3/alias/options")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def options_v3():
|
||||
"""
|
||||
|
@ -246,7 +242,6 @@ def options_v3():
|
|||
|
||||
|
||||
@api_bp.route("/v4/alias/options")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def options_v4():
|
||||
"""
|
||||
|
|
|
@ -5,7 +5,6 @@ import requests
|
|||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import request
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
|
||||
|
@ -25,7 +24,6 @@ _PROD_URL = "https://buy.itunes.apple.com/verifyReceipt"
|
|||
|
||||
|
||||
@api_bp.route("/apple/process_payment", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def apple_process_payment():
|
||||
"""
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
import random
|
||||
|
||||
import facebook
|
||||
import google.oauth2.credentials
|
||||
import googleapiclient.discovery
|
||||
import random
|
||||
from flask import jsonify, request, g
|
||||
from flask_cors import cross_origin
|
||||
from itsdangerous import Signer
|
||||
|
||||
from app import email_utils
|
||||
|
@ -22,7 +22,6 @@ from app.models import User, ApiKey, SocialAuth, AccountActivation
|
|||
|
||||
|
||||
@api_bp.route("/auth/login", methods=["POST"])
|
||||
@cross_origin()
|
||||
@limiter.limit(
|
||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
||||
)
|
||||
|
@ -68,7 +67,6 @@ def auth_login():
|
|||
|
||||
|
||||
@api_bp.route("/auth/register", methods=["POST"])
|
||||
@cross_origin()
|
||||
def auth_register():
|
||||
"""
|
||||
User signs up - will need to activate their account with an activation code.
|
||||
|
@ -116,7 +114,6 @@ def auth_register():
|
|||
|
||||
|
||||
@api_bp.route("/auth/activate", methods=["POST"])
|
||||
@cross_origin()
|
||||
@limiter.limit(
|
||||
"10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
|
||||
)
|
||||
|
@ -176,7 +173,6 @@ def auth_activate():
|
|||
|
||||
|
||||
@api_bp.route("/auth/reactivate", methods=["POST"])
|
||||
@cross_origin()
|
||||
def auth_reactivate():
|
||||
"""
|
||||
User asks for another activation code
|
||||
|
@ -218,7 +214,6 @@ def auth_reactivate():
|
|||
|
||||
|
||||
@api_bp.route("/auth/facebook", methods=["POST"])
|
||||
@cross_origin()
|
||||
def auth_facebook():
|
||||
"""
|
||||
Authenticate user with Facebook
|
||||
|
@ -269,7 +264,6 @@ def auth_facebook():
|
|||
|
||||
|
||||
@api_bp.route("/auth/google", methods=["POST"])
|
||||
@cross_origin()
|
||||
def auth_google():
|
||||
"""
|
||||
Authenticate user with Facebook
|
||||
|
@ -343,7 +337,6 @@ def auth_payload(user, device) -> dict:
|
|||
|
||||
|
||||
@api_bp.route("/auth/forgot_password", methods=["POST"])
|
||||
@cross_origin()
|
||||
def forgot_password():
|
||||
"""
|
||||
User forgot password
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
import pyotp
|
||||
from flask import jsonify, request
|
||||
from flask_cors import cross_origin
|
||||
from itsdangerous import Signer
|
||||
|
||||
from app.api.base import api_bp
|
||||
|
@ -11,7 +10,6 @@ from app.models import User, ApiKey
|
|||
|
||||
|
||||
@api_bp.route("/auth/mfa", methods=["POST"])
|
||||
@cross_origin()
|
||||
def auth_mfa():
|
||||
"""
|
||||
Validate the OTP Token
|
||||
|
|
|
@ -3,7 +3,6 @@ from smtplib import SMTPRecipientsRefused
|
|||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import request
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
from app.dashboard.views.mailbox import send_verification_email
|
||||
|
@ -17,7 +16,6 @@ from app.models import Mailbox
|
|||
|
||||
|
||||
@api_bp.route("/mailboxes", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def create_mailbox():
|
||||
"""
|
||||
|
@ -62,7 +60,6 @@ def create_mailbox():
|
|||
|
||||
|
||||
@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def delete_mailbox(mailbox_id):
|
||||
"""
|
||||
|
@ -89,7 +86,6 @@ def delete_mailbox(mailbox_id):
|
|||
|
||||
|
||||
@api_bp.route("/mailboxes/<mailbox_id>", methods=["PUT"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def update_mailbox(mailbox_id):
|
||||
"""
|
||||
|
@ -152,7 +148,6 @@ def update_mailbox(mailbox_id):
|
|||
|
||||
|
||||
@api_bp.route("/mailboxes", methods=["GET"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_mailboxes():
|
||||
"""
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
from flask import g
|
||||
from flask import jsonify, request
|
||||
from flask_cors import cross_origin
|
||||
from itsdangerous import SignatureExpired
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
|
@ -28,7 +27,6 @@ from app.utils import convert_to_id
|
|||
|
||||
|
||||
@api_bp.route("/alias/custom/new", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def new_custom_alias():
|
||||
"""
|
||||
|
@ -99,7 +97,6 @@ def new_custom_alias():
|
|||
|
||||
|
||||
@api_bp.route("/v2/alias/custom/new", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def new_custom_alias_v2():
|
||||
"""
|
||||
|
@ -194,7 +191,6 @@ def new_custom_alias_v2():
|
|||
|
||||
|
||||
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def new_custom_alias_v3():
|
||||
"""
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
from flask import g
|
||||
from flask import jsonify, request
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
from app.api.serializer import (
|
||||
|
@ -14,7 +13,6 @@ from app.models import Alias, AliasUsedOn, AliasGeneratorEnum
|
|||
|
||||
|
||||
@api_bp.route("/alias/random/new", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def new_random_alias():
|
||||
"""
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
from flask import g
|
||||
from flask import jsonify
|
||||
from flask import request
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
from app.config import PAGE_LIMIT
|
||||
|
@ -10,7 +9,6 @@ from app.models import Notification
|
|||
|
||||
|
||||
@api_bp.route("/notifications", methods=["GET"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def get_notifications():
|
||||
"""
|
||||
|
@ -61,7 +59,6 @@ def get_notifications():
|
|||
|
||||
|
||||
@api_bp.route("/notifications/<notification_id>/read", methods=["POST"])
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def mark_as_read(notification_id):
|
||||
"""
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
from flask import jsonify, g
|
||||
from flask_cors import cross_origin
|
||||
|
||||
from app.api.base import api_bp, require_api_auth
|
||||
|
||||
|
||||
@api_bp.route("/user_info")
|
||||
@cross_origin()
|
||||
@require_api_auth
|
||||
def user_info():
|
||||
"""
|
||||
|
|
|
@ -5,7 +5,7 @@ import sentry_sdk
|
|||
import ssl
|
||||
from flask import Flask, redirect, url_for, render_template, request, jsonify, flash
|
||||
from flask_admin import Admin
|
||||
from flask_cors import cross_origin
|
||||
from flask_cors import cross_origin, CORS
|
||||
from flask_login import current_user
|
||||
from sentry_sdk.integrations.aiohttp import AioHttpIntegration
|
||||
from sentry_sdk.integrations.flask import FlaskIntegration
|
||||
|
@ -122,6 +122,9 @@ def create_app() -> Flask:
|
|||
}
|
||||
flask_profiler.init_app(app)
|
||||
|
||||
# enable CORS on /api endpoints
|
||||
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
|
||||
|
||||
return app
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue