Add CORS to the API. Fix #404 (#407)

CHANGELOG.rst

@@ -8,10 +8,9 @@ This document describes changes between each past release.
 
 Added
 =====
-
+- Add CORS headers in the API (#407)
 - Document database migrations (#390)
 
-
 3.0 (2018-11-25)
 ----------------
 

ihatemoney/api.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from flask import Blueprint, request
 from flask_restful import Resource, Api, abort
+from flask_cors import CORS
 from wtforms.fields.core import BooleanField
 
 from ihatemoney.models import db, Project, Person, Bill
@@ -11,6 +12,7 @@ from functools import wraps
 
 
 api = Blueprint("api", __name__, url_prefix="/api")
+CORS(api)
 restful_api = Api(api)
 
 

ihatemoney/tests/tests.py

@@ -1020,6 +1020,16 @@ class APITestCase(IhatemoneyTestCase):
             ('%s:%s' % (username, password)).encode('utf-8')).decode('utf-8').replace('\n', '')
         return {"Authorization": "Basic %s" % base64string}
 
+    def test_cors_requests(self):
+        # Create a project and test that CORS headers are present if requested.
+        resp = self.api_create("raclette")
+        self.assertStatus(201, resp)
+
+        # Try to do an OPTIONS requests and see if the headers are correct.
+        resp = self.client.options("/api/projects/raclette",
+                                   headers=self.get_auth("raclette"))
+        self.assertEqual(resp.headers['Access-Control-Allow-Origin'], '*')
+
     def test_basic_auth(self):
         # create a project
         resp = self.api_create("raclette")

requirements.txt

@@ -8,6 +8,7 @@ flask-babel
 flask-restful>=0.3.6
 jinja2>=2.6
 blinker
+flask-cors
 six>=1.10
 itsdangerous>=0.24
 email_validator>=1.0