HTTPS + CORS

[kallewesterling]

I tested running a request on the toponym resolution tool using JavaScript's fetch function, and ran into two (possibly combined) issues: the API server does not currently have a CORS (Access-Control-Allow-Origin) header on the resource, and requests might be blocked because they are not served over HTTPS.

Possible solution to CORS problem

FastAPI offers a CORS middleware, CORSMiddleware which can easily be added to the app:

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

origins = [
    "http://localhost.tiangolo.com",
    "https://localhost.tiangolo.com",
    "http://localhost",
    "http://localhost:8080",
]

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

I think, for the origins list, we might want to let the value be ['*'] as we'd like to allow requests from anywhere (?). This is open for discussion, obviously.

Possible solution to HTTPS problem

The line that needs editing is:

https://github.com/Living-with-machines/toponym-resolution/blob/751b8a191f66fe4e7e9d55dc9b0a74812c019eb0/app/app_template.py#L70

This StackOverflow shows the change to the uvicorn.run command needed:

uvicorn.run(
               app,
               host="0.0.0.0",
               port=8432,
               ssl_keyfile="./localhost+4-key.pem",
               ssl_certfile="./localhost+4.pem"
         )

The StackOverflow uses a tool, mkcert, to create certificate files. I am sure there are other ways, but this seems fairly straightforward.