CORS headers for API

Bookworm-project · Feb 18, 2016 · 35cf1ef · 35cf1ef
1 parent 8a07ebf
commit 35cf1ef
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/bookwormDB/bin/dbbindings-flask.py b/bookwormDB/bin/dbbindings-flask.py
@@ -36,6 +36,11 @@ def main(JSONinput):
     else:
         resp.headers['Content-Type'] = "text/html"
 
+    resp.headers['Access-Control-Allow-Origin'] = '*'
+    resp.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+    resp.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, '\
+            'Content-Type, X-Requested-With, X-CSRF-Token'
+
     return resp
 
 if __name__ == '__main__':

diff --git a/bookwormDB/bin/dbbindings.py b/bookwormDB/bin/dbbindings.py
@@ -9,6 +9,12 @@
 cgitb.enable()
 
 def headers(method):
+
+    print 'Access-Control-Allow-Origin: *'
+    print 'Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS'
+    print 'Access-Control-Allow-Headers: Origin, Accept, Content-Type, ' \
+            'X-Requested-With, X-CSRF-Token'
+
     if method!="return_tsv":
         print "Content-type: text/html\n"