MrSphay/odysseus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict credentialed CORS headers

Browse Source
This commit is contained in:
pewdiepie-archdaemon
2026-06-01 10:54:08 +09:00
parent 7dd12fc3ad
commit 67f1675130
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app.py
View File

@@ -54,7 +54,17 @@ app.add_middleware(
allow_origins=allowed_origins, allow_origins=allowed_origins,
allow_credentials=True, allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "DELETE"], allow_methods=["GET", "POST", "PUT", "DELETE"],
allow_headers=["*"], allow_headers=[
"Accept",
"Authorization",
"Content-Type",
"X-API-Key",
"X-Auth-Token",
"X-Odysseus-Internal-Token",
"X-Odysseus-Owner",
"X-Requested-With",
"X-TZ-Offset",
],
) )
# ========= SECURITY HEADERS MIDDLEWARE ========= # ========= SECURITY HEADERS MIDDLEWARE =========