From 86f4de7958b5aad8d9482ba13f16f58653f25822 Mon Sep 17 00:00:00 2001
From: Mathieu Virbel <mat@meltingrocks.com>
Date: Wed, 18 Oct 2023 12:41:15 +0200
Subject: [PATCH] server: allow CORS credentials

---
 server/reflector/app.py      | 1 +
 server/reflector/settings.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/server/reflector/app.py b/server/reflector/app.py
index 1f79c997..758faf69 100644
--- a/server/reflector/app.py
+++ b/server/reflector/app.py
@@ -46,6 +46,7 @@ else:
 app = FastAPI(lifespan=lifespan)
 app.add_middleware(
     CORSMiddleware,
+    allow_credentials=settings.CORS_ALLOW_CREDENTIALS or False,
     allow_origins=settings.CORS_ORIGIN.split(","),
     allow_methods=["*"],
     allow_headers=["*"],
diff --git a/server/reflector/settings.py b/server/reflector/settings.py
index ff3b0aa2..e61c6d96 100644
--- a/server/reflector/settings.py
+++ b/server/reflector/settings.py
@@ -8,6 +8,7 @@ class Settings(BaseSettings):
 
     # CORS
     CORS_ORIGIN: str = "*"
+    CORS_ALLOW_CREDENTIALS: bool = False
 
     # Database
     DATABASE_URL: str = "sqlite:///./reflector.sqlite3"