From 04306f0151c08e202c7a7f1af1f09365374d70cf Mon Sep 17 00:00:00 2001
From: Karsten Hopp <karsten@redhat.com>
Date: Dec 16 2019 11:27:23 +0000
Subject: [PATCH 1/3] Respond with CORS headers


Respond with CORS headers to tell modern browsers
that this cross-origin HTTP request should be allowed.

Signed-off-by: Karsten Hopp <karsten@redhat.com>

---

diff --git a/mdapi/server.py b/mdapi/server.py
index 514a253..9486a9c 100644
--- a/mdapi/server.py
+++ b/mdapi/server.py
@@ -2,6 +2,7 @@ import logging
 import logging.config
 
 from aiohttp import web
+from aiohttp.web import middleware
 
 from mdapi import CONFIG
 from mdapi.views import (
@@ -21,6 +22,13 @@ from mdapi.views import (
         get_pkg_changelog
 )
 
+@middleware
+async def add_cors_headers(request, handler):
+    resp = await handler(request)
+    resp.headers['Access-Control-Allow-Origin'] = '*'
+    resp.headers['Access-Control-Allow-Methods'] = 'GET1'
+    resp.headers['Access-Control-Allow-Headers'] = 'Content-Type'
+    return resp
 
 async def init_app():
     """ Creates the aiohttp application.
@@ -30,7 +38,7 @@ async def init_app():
     logging.basicConfig()
     logging.config.dictConfig(CONFIG.get("LOGGING") or {"version": 1})
 
-    app = web.Application()
+    app = web.Application(middlewares=[add_cors_headers])
 
     app.add_routes([
         web.get('/', index),

From 8cfbec9a69444c86c514e7381000ebe80af3393a Mon Sep 17 00:00:00 2001
From: Karsten Hopp <karsten@redhat.com>
Date: Dec 16 2019 12:01:37 +0000
Subject: [PATCH 2/3] fix typo


---

diff --git a/mdapi/server.py b/mdapi/server.py
index 9486a9c..4ec457f 100644
--- a/mdapi/server.py
+++ b/mdapi/server.py
@@ -26,7 +26,7 @@ from mdapi.views import (
 async def add_cors_headers(request, handler):
     resp = await handler(request)
     resp.headers['Access-Control-Allow-Origin'] = '*'
-    resp.headers['Access-Control-Allow-Methods'] = 'GET1'
+    resp.headers['Access-Control-Allow-Methods'] = 'GET'
     resp.headers['Access-Control-Allow-Headers'] = 'Content-Type'
     return resp
 

From 4a574df627fe3ca8c4c2f995d7aa4a89e26ed728 Mon Sep 17 00:00:00 2001
From: Karsten Hopp <karsten@redhat.com>
Date: Dec 16 2019 12:03:37 +0000
Subject: [PATCH 3/3] remove Access-Control-Allow-Headers


---

diff --git a/mdapi/server.py b/mdapi/server.py
index 4ec457f..9b0f3f6 100644
--- a/mdapi/server.py
+++ b/mdapi/server.py
@@ -27,7 +27,6 @@ async def add_cors_headers(request, handler):
     resp = await handler(request)
     resp.headers['Access-Control-Allow-Origin'] = '*'
     resp.headers['Access-Control-Allow-Methods'] = 'GET'
-    resp.headers['Access-Control-Allow-Headers'] = 'Content-Type'
     return resp
 
 async def init_app():