Merge pull request #919 from GalaxyGamingBoy/master

cve-search · Aug 13, 2022 · faa66c8 · faa66c8
2 parents abf0223 + b192b28
commit faa66c8
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/etc/configuration.ini.sample b/etc/configuration.ini.sample
@@ -42,6 +42,8 @@ MountPath: /MOUNTY/MC/MOUNT
 
 [API]
 CVEMaxLimit: 1000
+CORS: False
+CORS_Allow_Origin: *
 
 [Logging]
 Logging: True

diff --git a/lib/Config.py b/lib/Config.py
@@ -80,6 +80,8 @@ class Configuration:
         "WebInterface": "Full",  # defaults to Full; choices are 'Full' or 'Minimal'
         "MountPath": "/MOUNT",  # must never end with a backslash...
         "CVEMaxLimit": 1000,
+        "CORS": False,
+        "CORS_Allow_Origin": "*",
     }
 
     sources = {
@@ -284,6 +286,16 @@ def getPageLength(cls):
     def getCVEMaxLimit(cls):
         return cls.readSetting("API", "CVEMaxLimit", cls.default["CVEMaxLimit"])
 
+    @classmethod
+    def getCORS(cls):
+        return cls.readSetting("API", "CORS", cls.default["CORS"])
+
+    @classmethod
+    def getCORSAllowOrigin(cls):
+        return cls.readSetting(
+            "API", "CORS_Allow_Origin", cls.default["CORS_Allow_Origin"]
+        )
+
     # Authentication
     @classmethod
     def loginRequired(cls):

diff --git a/web/run.py b/web/run.py
@@ -3,7 +3,7 @@
 import urllib
 from datetime import timedelta
 
-from flask import Flask, render_template
+from flask import Flask, render_template, request
 from flask_bootstrap import Bootstrap
 from flask_breadcrumbs import Breadcrumbs
 from flask_jwt_extended import JWTManager
@@ -91,6 +91,20 @@ def check_if_token_is_revoked(decrypted_token):
     login_manager.login_message = "You must be logged in to access this page!!!"
     login_manager.login_view = "auth.login"
 
+    # CORS
+    @app.after_request
+    def apply_caching(response):
+        reqURL = request.base_url
+        if (
+            config.getCORS()
+            and reqURL.count("/api/") == 1
+            and reqURL.count("/admin") == 0
+        ):
+            response.headers.add(
+                "Access-Control-Allow-Origin", config.getCORSAllowOrigin()
+            )
+        return response
+
     # OAuth 2 client setup
     if config.useOIDC():
         oidcClient = WebApplicationClient(config.getClientID())