Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 24 additions & 7 deletions api/app/__init__.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
from flask import Flask, g, url_for, redirect, render_template, request, flash
from flask_cors import CORS
import flask_restful as restful
from flask_sqlalchemy import SQLAlchemy
from flask_bcrypt import Bcrypt
Expand All @@ -15,12 +14,6 @@

app = Flask(__name__)
app.config.from_object('config')
_allowed_origins = [
app.config.get('BOABAB_HOST', 'http://localhost:8080').rstrip('/'),
'http://localhost:3000',
'http://localhost:8080',
]
CORS(app, resources={r"/api/*": {"origins": _allowed_origins}}, supports_credentials=True)
print((app.config['SQLALCHEMY_DATABASE_URI']))
rest_api = restful.Api(app)
db = SQLAlchemy(app)
Expand Down Expand Up @@ -92,6 +85,30 @@ def populate_organisation():
domain = get_domain()
g.organisation = OrganisationResolver.resolve_from_domain(domain)

CORS_ALLOWED_METHODS = 'GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS'

@app.after_request
def set_cors_headers(response):
# populate_organisation() above already rejects any /api/* request whose
# Origin/Referer domain doesn't match a known Organisation, so reflecting
# the Origin back here is only ever done for domains we've already
# validated against the Organisation table - no separate allow-list to
# keep in sync with webapp/dispatch.yaml.
if not request.path.startswith('/api/') or getattr(g, 'organisation', None) is None:
return response
origin = request.environ.get('HTTP_ORIGIN', '')
if not origin:
return response
response.headers['Access-Control-Allow-Origin'] = origin
response.headers['Access-Control-Allow-Credentials'] = 'true'
response.headers.add('Vary', 'Origin')
if request.method == 'OPTIONS':
response.headers['Access-Control-Allow-Methods'] = CORS_ALLOWED_METHODS
requested_headers = request.environ.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')
if requested_headers:
response.headers['Access-Control-Allow-Headers'] = requested_headers
return response

## Flask Admin Config

# set optional bootswatch theme
Expand Down
Binary file added api/app/invoice/invoice.pdf
Binary file not shown.
1 change: 0 additions & 1 deletion api/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ pytest
passlib
pytz
six
flask-cors
python-dateutil
gunicorn
google-cloud-storage
Expand Down
2 changes: 0 additions & 2 deletions webapp/src/pages/eventHome/EventHome.js
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ import { useInstall } from '../../context/InstallContext';
import { EventAppProgramme, ProgrammeEditor, EventAppAnnouncements, AnnouncementDetail, AnnouncementsAdmin, MyTicket, CheckinConsole, BadgeExport, MyProfile, ViewMemberProfile, ProfileBrowser, ScanConnect, Connections, ConnectLanding, DiscussionBoard, DiscussionThread, NewDiscussionThread, DiscussionReportsAdmin } from '../eventApp';
import EventDashboard from '../eventDashboard';
import ResourceLinksAdmin from '../resourceLinks';
import ConsentGate from '../../components/ConsentGate';

function iconCls(icon) {
if (!icon) return null;
Expand Down Expand Up @@ -931,7 +930,6 @@ class EventHome extends Component {
/>
)}
/>
<ConsentGate event={event} />
</div>
</div>
);
Expand Down
1 change: 1 addition & 0 deletions webapp/src/pages/review/Review.css
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@
}

.question.review {
position: relative;
padding-left: 2em;
}

Expand Down