File size: 1,216 Bytes
6640531 8ad5d56 1ebdc66 0e859f8 1ebdc66 8ad5d56 dbbc4dd 8ad5d56 dbbc4dd 5065afa dbbc4dd 8ad5d56 6640531 1ebdc66 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
from flask import Flask
from flask_cors import CORS
def create_app():
app = Flask(__name__,
static_folder='static',
template_folder='templates')
# Configure CORS
CORS(app, resources={
r"/*": {
"origins": [
r"https://.*\.hf\.space", # any HF Space subdomain
"https://<your-username>.github.io",
"https://www.<your-domain>.com",
"http://localhost:5000",
"http://127.0.0.1:5000",
],
"methods": ["GET", "POST", "OPTIONS"],
"allow_headers": ["Content-Type"]
}
})
# Configure security headers (CORS is already handled by flask-cors above)
@app.after_request
def add_security_headers(response):
# Add security headers but don't override CORS (flask-cors handles it)
response.headers['X-Content-Type-Options'] = 'nosniff'
# response.headers['X-Frame-Options'] = 'SAMEORIGIN'
response.headers['X-XSS-Protection'] = '1; mode=block'
return response
# Register blueprints
from app.routes import main
app.register_blueprint(main)
return app |