diff --git a/app/api/views/alias.py b/app/api/views/alias.py
index 4112769a..111d93c4 100644
--- a/app/api/views/alias.py
+++ b/app/api/views/alias.py
@@ -1,7 +1,6 @@
 from flask import g
 from flask import jsonify
 from flask import request
-from flask_cors import cross_origin
 from app import alias_utils
 from app.api.base import api_bp, require_api_auth
@@ -25,7 +24,6 @@ from app.utils import random_string
 @api_bp.route("/aliases", methods=["GET", "POST"])
-@cross_origin()
 @require_api_auth
 def get_aliases():
 """
@@ -68,7 +66,6 @@ def get_aliases():
 @api_bp.route("/v2/aliases", methods=["GET", "POST"])
-@cross_origin()
 @require_api_auth
 def get_aliases_v2():
 """
@@ -121,7 +118,6 @@ def get_aliases_v2():
 @api_bp.route("/aliases/", methods=["DELETE"])
-@cross_origin()
 @require_api_auth
 def delete_alias(alias_id):
 """
@@ -144,7 +140,6 @@ def delete_alias(alias_id):
 @api_bp.route("/aliases//toggle", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def toggle_alias(alias_id):
 """
@@ -170,7 +165,6 @@ def toggle_alias(alias_id):
 @api_bp.route("/aliases//activities")
-@cross_origin()
 @require_api_auth
 def get_alias_activities(alias_id):
 """
@@ -226,7 +220,6 @@ def get_alias_activities(alias_id):
 @api_bp.route("/aliases/", methods=["PUT"])
-@cross_origin()
 @require_api_auth
 def update_alias(alias_id):
 """
@@ -310,7 +303,6 @@ def update_alias(alias_id):
 @api_bp.route("/aliases/", methods=["GET"])
-@cross_origin()
 @require_api_auth
 def get_alias(alias_id):
 """
@@ -334,7 +326,6 @@ def get_alias(alias_id):
 @api_bp.route("/aliases//contacts")
-@cross_origin()
 @require_api_auth
 def get_alias_contacts_route(alias_id):
 """
@@ -368,7 +359,6 @@ def get_alias_contacts_route(alias_id):
 @api_bp.route("/aliases//contacts", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def create_contact_route(alias_id):
 """
@@ -423,7 +413,6 @@ def create_contact_route(alias_id):
 @api_bp.route("/contacts/", methods=["DELETE"])
-@cross_origin()
 @require_api_auth
 def delete_contact(contact_id):
 """
diff --git a/app/api/views/alias_options.py b/app/api/views/alias_options.py
index 70860780..e3640f36 100644
--- a/app/api/views/alias_options.py
+++ b/app/api/views/alias_options.py
@@ -1,5 +1,4 @@
 from flask import jsonify, request, g
-from flask_cors import cross_origin
 from sqlalchemy import desc
 from app.api.base import api_bp, require_api_auth
@@ -12,7 +11,6 @@ from app.utils import convert_to_id, random_word
 @api_bp.route("/alias/options")
-@cross_origin()
 @require_api_auth
 def options():
 """
@@ -88,7 +86,6 @@ def options():
 @api_bp.route("/v2/alias/options")
-@cross_origin()
 @require_api_auth
 def options_v2():
 """
@@ -169,7 +166,6 @@ def options_v2():
 @api_bp.route("/v3/alias/options")
-@cross_origin()
 @require_api_auth
 def options_v3():
 """
@@ -246,7 +242,6 @@ def options_v3():
 @api_bp.route("/v4/alias/options")
-@cross_origin()
 @require_api_auth
 def options_v4():
 """
diff --git a/app/api/views/apple.py b/app/api/views/apple.py
index 2b0979ce..68ab5b4b 100644
--- a/app/api/views/apple.py
+++ b/app/api/views/apple.py
@@ -5,7 +5,6 @@ import requests
 from flask import g
 from flask import jsonify
 from flask import request
-from flask_cors import cross_origin
 from app.api.base import api_bp, require_api_auth
 from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
@@ -25,7 +24,6 @@ _PROD_URL = "https://buy.itunes.apple.com/verifyReceipt"
 @api_bp.route("/apple/process_payment", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def apple_process_payment():
 """
diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index 280f71c9..fc91cd26 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -1,9 +1,9 @@
+import random
+
 import facebook
 import google.oauth2.credentials
 import googleapiclient.discovery
-import random
 from flask import jsonify, request, g
-from flask_cors import cross_origin
 from itsdangerous import Signer
 from app import email_utils
@@ -22,7 +22,6 @@ from app.models import User, ApiKey, SocialAuth, AccountActivation
 @api_bp.route("/auth/login", methods=["POST"])
-@cross_origin()
 @limiter.limit(
 "10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
 )
@@ -68,7 +67,6 @@ def auth_login():
 @api_bp.route("/auth/register", methods=["POST"])
-@cross_origin()
 def auth_register():
 """
 User signs up - will need to activate their account with an activation code.
@@ -116,7 +114,6 @@ def auth_register():
 @api_bp.route("/auth/activate", methods=["POST"])
-@cross_origin()
 @limiter.limit(
 "10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
 )
@@ -176,7 +173,6 @@ def auth_activate():
 @api_bp.route("/auth/reactivate", methods=["POST"])
-@cross_origin()
 def auth_reactivate():
 """
 User asks for another activation code
@@ -218,7 +214,6 @@ def auth_reactivate():
 @api_bp.route("/auth/facebook", methods=["POST"])
-@cross_origin()
 def auth_facebook():
 """
 Authenticate user with Facebook
@@ -269,7 +264,6 @@ def auth_facebook():
 @api_bp.route("/auth/google", methods=["POST"])
-@cross_origin()
 def auth_google():
 """
 Authenticate user with Facebook
@@ -343,7 +337,6 @@ def auth_payload(user, device) -> dict:
 @api_bp.route("/auth/forgot_password", methods=["POST"])
-@cross_origin()
 def forgot_password():
 """
 User forgot password
diff --git a/app/api/views/auth_mfa.py b/app/api/views/auth_mfa.py
index fdd5e87a..6871aaf6 100644
--- a/app/api/views/auth_mfa.py
+++ b/app/api/views/auth_mfa.py
@@ -1,6 +1,5 @@
 import pyotp
 from flask import jsonify, request
-from flask_cors import cross_origin
 from itsdangerous import Signer
 from app.api.base import api_bp
@@ -11,7 +10,6 @@ from app.models import User, ApiKey
 @api_bp.route("/auth/mfa", methods=["POST"])
-@cross_origin()
 def auth_mfa():
 """
 Validate the OTP Token
diff --git a/app/api/views/mailbox.py b/app/api/views/mailbox.py
index fc5e9d93..4d112790 100644
--- a/app/api/views/mailbox.py
+++ b/app/api/views/mailbox.py
@@ -3,7 +3,6 @@ from smtplib import SMTPRecipientsRefused
 from flask import g
 from flask import jsonify
 from flask import request
-from flask_cors import cross_origin
 from app.api.base import api_bp, require_api_auth
 from app.dashboard.views.mailbox import send_verification_email
@@ -17,7 +16,6 @@ from app.models import Mailbox
 @api_bp.route("/mailboxes", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def create_mailbox():
 """
@@ -62,7 +60,6 @@ def create_mailbox():
 @api_bp.route("/mailboxes/", methods=["DELETE"])
-@cross_origin()
 @require_api_auth
 def delete_mailbox(mailbox_id):
 """
@@ -89,7 +86,6 @@ def delete_mailbox(mailbox_id):
 @api_bp.route("/mailboxes/", methods=["PUT"])
-@cross_origin()
 @require_api_auth
 def update_mailbox(mailbox_id):
 """
@@ -152,7 +148,6 @@ def update_mailbox(mailbox_id):
 @api_bp.route("/mailboxes", methods=["GET"])
-@cross_origin()
 @require_api_auth
 def get_mailboxes():
 """
diff --git a/app/api/views/new_custom_alias.py b/app/api/views/new_custom_alias.py
index 8fafe3b9..5f113c98 100644
--- a/app/api/views/new_custom_alias.py
+++ b/app/api/views/new_custom_alias.py
@@ -1,6 +1,5 @@
 from flask import g
 from flask import jsonify, request
-from flask_cors import cross_origin
 from itsdangerous import SignatureExpired
 from app.api.base import api_bp, require_api_auth
@@ -28,7 +27,6 @@ from app.utils import convert_to_id
 @api_bp.route("/alias/custom/new", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def new_custom_alias():
 """
@@ -99,7 +97,6 @@ def new_custom_alias():
 @api_bp.route("/v2/alias/custom/new", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def new_custom_alias_v2():
 """
@@ -194,7 +191,6 @@ def new_custom_alias_v2():
 @api_bp.route("/v3/alias/custom/new", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def new_custom_alias_v3():
 """
diff --git a/app/api/views/new_random_alias.py b/app/api/views/new_random_alias.py
index 9a7bdcdc..446feba3 100644
--- a/app/api/views/new_random_alias.py
+++ b/app/api/views/new_random_alias.py
@@ -1,6 +1,5 @@
 from flask import g
 from flask import jsonify, request
-from flask_cors import cross_origin
 from app.api.base import api_bp, require_api_auth
 from app.api.serializer import (
@@ -14,7 +13,6 @@ from app.models import Alias, AliasUsedOn, AliasGeneratorEnum
 @api_bp.route("/alias/random/new", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def new_random_alias():
 """
diff --git a/app/api/views/notification.py b/app/api/views/notification.py
index c56847e8..b1cddae5 100644
--- a/app/api/views/notification.py
+++ b/app/api/views/notification.py
@@ -1,7 +1,6 @@
 from flask import g
 from flask import jsonify
 from flask import request
-from flask_cors import cross_origin
 from app.api.base import api_bp, require_api_auth
 from app.config import PAGE_LIMIT
@@ -10,7 +9,6 @@ from app.models import Notification
 @api_bp.route("/notifications", methods=["GET"])
-@cross_origin()
 @require_api_auth
 def get_notifications():
 """
@@ -61,7 +59,6 @@ def get_notifications():
 @api_bp.route("/notifications//read", methods=["POST"])
-@cross_origin()
 @require_api_auth
 def mark_as_read(notification_id):
 """
diff --git a/app/api/views/user_info.py b/app/api/views/user_info.py
index fd0426ee..ec46cf30 100644
--- a/app/api/views/user_info.py
+++ b/app/api/views/user_info.py
@@ -1,11 +1,9 @@
 from flask import jsonify, g
-from flask_cors import cross_origin
 from app.api.base import api_bp, require_api_auth
 @api_bp.route("/user_info")
-@cross_origin()
 @require_api_auth
 def user_info():
 """
diff --git a/server.py b/server.py
index e6916a14..50b65278 100644
--- a/server.py
+++ b/server.py
@@ -5,7 +5,7 @@ import sentry_sdk
 import ssl
 from flask import Flask, redirect, url_for, render_template, request, jsonify, flash
 from flask_admin import Admin
-from flask_cors import cross_origin
+from flask_cors import cross_origin, CORS
 from flask_login import current_user
 from sentry_sdk.integrations.aiohttp import AioHttpIntegration
 from sentry_sdk.integrations.flask import FlaskIntegration
@@ -122,6 +122,9 @@ def create_app() -> Flask:
 }
 flask_profiler.init_app(app)
+ # enable CORS on /api endpoints
+ cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+
 return app
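Review bot: The resource key `r"/api/*"` in the added `CORS(...)` call is, as far as I know, matched by Flask-CORS as a regular expression from the start of the path, so the `*` repeats the trailing slash and the rule covers any path beginning with `/api`, not only routes under `/api/`; `r"/api/.*"` states the intent. The wildcard `origins` is only safe while these endpoints authenticate with a header-borne credential and `supports_credentials` stays at its default of off, so the comment should record that, e.g. `# CORS for /api/ only: wildcard origin, no credentials; API auth must never rely on cookies`. The `cors` local is never read in the visible lines, so a bare `CORS(app, resources=...)` call is enough. The `@cross_origin()` decorators removed from the view files are equivalent to this rule only if `api_bp` is registered under `/api`, which this diff does not show. create_app's body starts outside the hunk.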