nimrod · nimrod · d9356ab8 · d9356ab8
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -123,7 +123,7 @@ repos:
      - id: pyupgrade

  - repo: https://github.com/hadialqattan/pycln.git
-    rev: v2.0.2
+    rev: v2.1.2
    hooks:
      - id: pycln


--- a/app.py
+++ b/app.py
@@ -5,25 +5,37 @@ import json
 import os

 import docker
-from flask import Flask, request
+from flask import Flask, Response, request

 app = Flask(__name__)
+app.config["MAX_CONTENT_LENGTH"] = 128
 client = docker.from_env()


-NAME = os.getenv("NC_NAME", "Nimrod Adar")
+ALLOWED_ORIGIN = os.getent("ALLOWED_ORIGIN", "https://www.shore.co.il")
 CONTAINER_NAME = os.getenv("NC_CONTAINER", "nextcloud-nextcloud-1")
+NAME = os.getenv("NC_NAME", "Nimrod Adar")
+
+HEADERS = {
+    "Access-Control-Allow-Credentials": False,
+    "Access-Control-Allow-Methods": "GET,POST",
+    "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
+    "Cache-Control": "no-cache, no-store, max-age=0",
+    "X-Content-Type-Options": "nosniff",
+}


 @app.route("/ping")
 def ping():
    """Healthcheck."""
-    return "pong"
+    return Response("pong", mimetype="text/plain")


 @app.route("/send", methods=["GET", "POST"])
 def send_message():  # noqa: MC0001
    """Send a notification."""
+    if request.method == "OPTIONS":  # A CORS pre-flight request.
+        return Response(headers=HEADERS)
    if request.method == "POST":
        # Needs to be called before accessing other request parameters,
        # otherwise it will be empty.
@@ -69,4 +81,4 @@ def send_message():  # noqa: MC0001
    if result.exit_code != 0:
        raise RuntimeError(result.output.decode())

-    return message
+    return Response(message, mimetype="text/plain", headers=HEADERS)