File size: 1,216 Bytes
6640531
 
 
 
8ad5d56
 
 
 
 
 
 
1ebdc66
 
 
 
 
0e859f8
1ebdc66
8ad5d56
 
 
 
 
dbbc4dd
8ad5d56
 
dbbc4dd
 
5065afa
dbbc4dd
8ad5d56
6640531
 
 
 
 
1ebdc66
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
from flask import Flask
from flask_cors import CORS

def create_app():
    app = Flask(__name__, 
                static_folder='static',
                template_folder='templates')
    
    # Configure CORS
    CORS(app, resources={
        r"/*": {
            "origins": [
                r"https://.*\.hf\.space",        # any HF Space subdomain
                "https://<your-username>.github.io",
                "https://www.<your-domain>.com",
                "http://localhost:5000",
                "http://127.0.0.1:5000",
            ],
            "methods": ["GET", "POST", "OPTIONS"],
            "allow_headers": ["Content-Type"]
        }
    })
    
    # Configure security headers (CORS is already handled by flask-cors above)
    @app.after_request
    def add_security_headers(response):
        # Add security headers but don't override CORS (flask-cors handles it)
        response.headers['X-Content-Type-Options'] = 'nosniff'
        # response.headers['X-Frame-Options'] = 'SAMEORIGIN'
        response.headers['X-XSS-Protection'] = '1; mode=block'
        return response
    
    # Register blueprints
    from app.routes import main
    app.register_blueprint(main)
    
    return app