From 17c45e746bae9b6bb1252cb99f3be602927637c6 Mon Sep 17 00:00:00 2001
From: user <unexpected@gmail.com>
Date: Mon, 4 Mar 2024 17:25:54 +0300
Subject: [PATCH] dev@locazia: add CORS headers

---
 app/api/middleware.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/api/middleware.py b/app/api/middleware.py
index b305b73..fd920f5 100644
--- a/app/api/middleware.py
+++ b/app/api/middleware.py
@@ -76,6 +76,7 @@ async def close_request_handler(request, response):
 async def close_db_session(request, response):
     request, response = await close_request_handler(request, response)
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
-    response.headers["Access-Control-Allow-Headers"] = "Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token, Authorization, Refer"
+    response.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"
+    response.headers["Access-Control-Allow-Headers"] = "Origin, Content-Type, Accept, Authorization, Referer, User-Agent, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site"
+    response.headers["Access-Control-Allow-Credentials"] = "true"
     return response