HTTPS/CORS improvements: Enable CORS for player connections, secure session cookies, add certificate endpoint, nginx CORS headers

2026-01-16 22:29:49 +02:00
parent cf44843418
commit c4e43ce69b
15 changed files with 3497 additions and 0 deletions
--- a/app/app.py
+++ b/app/app.py
@@ -52,6 +52,18 @@ def create_app(config_name=None):
    # Configure Flask-Login
    configure_login_manager(app)
    
+    # Initialize CORS for player API access
+    from app.extensions import cors
+    cors.init_app(app, resources={
+        r"/api/*": {
+            "origins": ["*"],
+            "methods": ["GET", "POST", "OPTIONS", "PUT", "DELETE"],
+            "allow_headers": ["Content-Type", "Authorization"],
+            "supports_credentials": True,
+            "max_age": 3600
+        }
+    })
+    
    # Register components
    register_blueprints(app)
    register_error_handlers(app)