updated authentication of instances

routes/admin_api.py

@@ -1,4 +1,4 @@
-from flask import Blueprint, jsonify, request, current_app
+from flask import Blueprint, jsonify, request, current_app, make_response
 from functools import wraps
 from models import (
     KeyValueSettings, User, Room, Conversation, RoomFile,
@@ -13,6 +13,25 @@ import secrets
 
 admin_api = Blueprint('admin_api', __name__)
 
+def add_cors_headers(response):
+    """Add CORS headers to the response"""
+    response.headers['Access-Control-Allow-Origin'] = '*'
+    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
+    response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization, X-API-Key, X-CSRF-Token'
+    return response
+
+@admin_api.before_request
+def handle_preflight():
+    """Handle preflight requests"""
+    if request.method == 'OPTIONS':
+        response = make_response()
+        return add_cors_headers(response)
+
+@admin_api.after_request
+def after_request(response):
+    """Add CORS headers to all responses"""
+    return add_cors_headers(response)
+
 def token_required(f):
     @wraps(f)
     def decorated(*args, **kwargs):