Merge pull request #3 from CSCfi/feature/cors

add cors
CSCfi · Jun 17, 2022 · 808f6c8 · 808f6c8
2 parents 782dfcf + 0cbb12f
commit 808f6c8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -19,7 +19,8 @@ Configuration variables are set in [config.json](config.json), which resides at
     "url_callback": "http://localhost:8080/callback",
     "url_redirect": "http://localhost:8080/frontend",
     "scope": "openid",
-    "cookie_domain": ""
+    "cookie_domain": "",
+    "cors_domains": [""]
 }
 ```
 The app contacts `url_oidc` on startup and retrieves the `authorization_endpoint`, `token_endpoint`, `revocation_endpoint` and `userinfo_endpoint` values, which are used at `/login`, `/callback`, `/logout` and `/userinfo` respectively.

diff --git a/main.py b/main.py
@@ -15,6 +15,7 @@
 from fastapi import FastAPI, Cookie
 from fastapi.exceptions import HTTPException
 from fastapi.responses import PlainTextResponse, RedirectResponse, JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 
 # the web app
 app = FastAPI()
@@ -41,6 +42,15 @@
 @app.on_event("startup")
 async def startup_event():
     """Request OpenID configuration from OpenID provider."""
+    # add CORS middleware
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=CONFIG["cors_domains"],
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+    # get missing OIDC configurations
     async with httpx.AsyncClient(verify=False) as client:
         # request OpenID provider endpoints from their configuration
         LOG.debug(f"requesting OpenID configuration from {CONFIG['url_oidc']}")