From cb9e8e0136b04799e72c37c1f6812696e4d7ede0 Mon Sep 17 00:00:00 2001
From: Cathy Hu <cathy.hu@fau.de>
Date: Sat, 25 Jul 2020 13:34:18 +0200
Subject: [PATCH] [core] Add cors_allow_origin and production config option

---
 kibicara/config.py   | 2 ++
 kibicara/kibicara.py | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/kibicara/config.py b/kibicara/config.py
index 0d3f6b4..f3d9e69 100644
--- a/kibicara/config.py
+++ b/kibicara/config.py
@@ -26,6 +26,8 @@ config = {
     'database_connection': 'sqlite:////tmp/kibicara.sqlite',
     'frontend_path': None,
     'root_url': 'http://localhost:8000',
+    'production': True,
+    'cors_allow_origin': 'http://localhost:4200',
 }
 """ Default configuration.
 
diff --git a/kibicara/kibicara.py b/kibicara/kibicara.py
index 76030ce..7ab9584 100644
--- a/kibicara/kibicara.py
+++ b/kibicara/kibicara.py
@@ -7,6 +7,7 @@
 
 from asyncio import run as asyncio_run
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 from fastapi.staticfiles import StaticFiles
 from hypercorn.config import Config
 from hypercorn.asyncio import serve
@@ -57,6 +58,14 @@ class Main:
         server_config = Config()
         server_config.accesslog = '-'
         app.include_router(router, prefix='/api')
+        if not config['production'] and config['cors_allow_origin']:
+            app.add_middleware(
+                CORSMiddleware,
+                allow_origins=config['cors_allow_origin'],
+                allow_credentials=True,
+                allow_methods=["*"],
+                allow_headers=["*"],
+            )
         if config['frontend_path'] is not None:
             app.mount(
                 '/',