dev@locazia: add CORS headers

app/api/middleware.py

@@ -76,6 +76,7 @@ async def close_request_handler(request, response):
 async def close_db_session(request, response):
     request, response = await close_request_handler(request, response)
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
+    response.headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"
-    response.headers["Access-Control-Allow-Headers"] = "Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token, Authorization, Refer"
+    response.headers["Access-Control-Allow-Headers"] = "Origin, Content-Type, Accept, Authorization, Referer, User-Agent, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site"
+    response.headers["Access-Control-Allow-Credentials"] = "true"
     return response