From 14208fd8e71874c13d8a29d33f24058569b69037 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski <marcin00.mr@gmail.com>
Date: Sun, 13 Apr 2025 14:14:30 +0000
Subject: [PATCH] Implemented CORS

---
 api/app.py           | 3 +++
 api/requirements.txt | 1 +
 2 files changed, 4 insertions(+)

diff --git a/api/app.py b/api/app.py
index 90fa76f..9602129 100644
--- a/api/app.py
+++ b/api/app.py
@@ -1,5 +1,6 @@
 from dotenv import load_dotenv
 from flask import Flask, jsonify
+from flask_cors import CORS
 from flask_jwt_extended import JWTManager
 from jwt import ExpiredSignatureError
 from models import db, RevokedToken
@@ -12,6 +13,7 @@ def create_app(config_name="default"):
     """Creates and returns a new instance of Flask app."""
     load_dotenv()
     app = Flask(__name__)
+    CORS(app, supports_credentials=True, origins=os.getenv("CORS_ALLOWED_ORIGINS", "").split(","))
 
     # Database settings
     if config_name == "testing":
@@ -23,6 +25,7 @@ def create_app(config_name="default"):
 
     # JWT settings
     app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "changeme")
+    app.config["JWT_TOKEN_LOCATION"] = ["cookies", "headers"]
 
     # Blueprints registration
     app.register_blueprint(user_bp)
diff --git a/api/requirements.txt b/api/requirements.txt
index 20df243..be29389 100644
--- a/api/requirements.txt
+++ b/api/requirements.txt
@@ -1,6 +1,7 @@
 blinker==1.7.0
 click==8.1.7
 Flask==3.0.0
+flask-cors==5.0.1
 Flask-JWT-Extended==4.7.1
 Flask-SQLAlchemy==3.1.1
 greenlet==3.0.1