adds CORS to CMS-only mortarRoute POST requests

Datawheel · May 16, 2024 · f630442 · f630442
1 parent 5076e07
commit f630442
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/packages/cms/src/api/mortarRoute.js b/packages/cms/src/api/mortarRoute.js
@@ -1,6 +1,7 @@
 const PromiseThrottle = require("promise-throttle"),
       axios = require("axios"),
       collate = require("../utils/collate"),
+      cors = require("cors"),
       formatters4eval = require("../utils/formatters4eval"),
       jwt = require("jsonwebtoken"),
       libs = require("../utils/libs"), /*leave this! needed for the variable functions.*/ //eslint-disable-line
@@ -412,9 +413,9 @@ module.exports = function(app) {
   };
 
   app.get("/api/story_generators/:pid", async(req, res) => res.json(await runStoryGenerators(req, req.params.pid, req.query.story_generator)));
-  app.post("/api/story_generators/:pid", async(req, res) => res.json(await runStoryGenerators(req, req.params.pid, req.query.story_generator, req.body.attributes)));
+  app.post("/api/story_generators/:pid", cors(), async(req, res) => res.json(await runStoryGenerators(req, req.params.pid, req.query.story_generator, req.body.attributes)));
   app.get("/api/generators/:pid", async(req, res) => res.json(await runGenerators(req, req.params.pid, req.query.generator)));
-  app.post("/api/generators/:pid", async(req, res) => res.json(await runGenerators(req, req.params.pid, req.query.generator, req.body.attributes)));
+  app.post("/api/generators/:pid", cors(), async(req, res) => res.json(await runGenerators(req, req.params.pid, req.query.generator, req.body.attributes)));
 
   const runMaterializers = async(req, variables, pid, isStory) => {
     const locale = req.query.locale ? req.query.locale : envLoc;
@@ -445,15 +446,15 @@ module.exports = function(app) {
     return returnVariables;
   };
 
-  app.post("/api/materializers/:pid", async(req, res) => {
+  app.post("/api/materializers/:pid", cors(), async(req, res) => {
     const {pid} = req.params;
     const {variables} = req.body;
     const materializer = await db.materializer.findOne({where: {profile_id: pid}}).catch(catcher);
     if (!materializer) return res.json({});
     return res.json(await runMaterializers(req, variables, materializer.profile_id));
   });
 
-  app.post("/api/story_materializers/:pid", async(req, res) => {
+  app.post("/api/story_materializers/:pid", cors(), async(req, res) => {
     const {pid} = req.params;
     const {variables} = req.body;
     const materializer = await db.story_materializer.findOne({where: {story_id: pid}}).catch(catcher);
@@ -817,7 +818,7 @@ module.exports = function(app) {
   */
 
   app.get("/api/profile", async(req, res) => await fetchProfile(req, res));
-  app.post("/api/profile", async(req, res) => await fetchProfile(req, res));
+  app.post("/api/profile", cors(), async(req, res) => await fetchProfile(req, res));
 
   const fetchStory = async(req, res) => {
     // take an arbitrary-length query of slugs and ids and turn them into objects