From 3fe9d253675dd4f1e76a5b8ea76e38f765aa6130 Mon Sep 17 00:00:00 2001
From: Travis Rivers <trivers@contractor.usgs.gov>
Date: Thu, 3 Sep 2020 10:40:32 -0600
Subject: [PATCH] update headers, remove headers from secure app

---
 geomagio/api/secure/app.py | 8 --------
 geomagio/api/ws/app.py     | 6 +++++-
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/geomagio/api/secure/app.py b/geomagio/api/secure/app.py
index 81aaacb1f..753b9e3bc 100644
--- a/geomagio/api/secure/app.py
+++ b/geomagio/api/secure/app.py
@@ -33,14 +33,6 @@ app.include_router(login_router)
 app.include_router(metadata_router)
 
 
-@app.middleware("http")
-async def add_headers(request: Request, call_next):
-    response = await call_next(request)
-    response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Cache-Control"] = "no-cache"
-    return response
-
-
 @app.get("/")
 async def index(request: Request, user: User = Depends(current_user)):
     """Route to demo user login."""
diff --git a/geomagio/api/ws/app.py b/geomagio/api/ws/app.py
index 56c4b8aaf..8d72e3261 100644
--- a/geomagio/api/ws/app.py
+++ b/geomagio/api/ws/app.py
@@ -35,7 +35,11 @@ app.include_router(observatories.router)
 async def add_headers(request: Request, call_next):
     response = await call_next(request)
     response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Cache-Control"] = "864000"
+    response.headers["Access-Control-Allow-Methods"] = "*"
+    response.headers[
+        "Access-Control-Allow-Headers"
+    ] = "accept, origin, authorization, content-type"
+    response.headers["Cache-Control"] = "max-age=60"
     return response
 
 
-- 
GitLab