From 3298343d86ea36e3f15512975211eaed62173e44 Mon Sep 17 00:00:00 2001
From: timzeis <tim@zeisgroup.com>
Date: Thu, 27 Feb 2014 14:06:48 -0600
Subject: [PATCH] added 'Access-Control-Allow-Origin':* header to responses

---
 src/controllers/base.py   | 6 ++++++
 src/controllers/public.py | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/src/controllers/base.py b/src/controllers/base.py
index c734c67..c5e0aa1 100644
--- a/src/controllers/base.py
+++ b/src/controllers/base.py
@@ -71,6 +71,7 @@ def RenderHtmlTemplate(self, template_name, template_values=None):
     self.response.headers['Content-Type'] = 'text/html; charset=UTF-8'
     self.response.headers['Content-Disposition'] = 'inline'
     self.response.headers['X-Frame-Options'] = 'SAMEORIGIN'
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     template = jinja_environment.get_template(template_name)
     self.response.write(template.render(template_values))
 
@@ -84,6 +85,7 @@ def RenderCsv(self, csv_content, status=200):
     self.response.headers['Content-Type'] = 'text/csv; charset=UTF-8'
     self.response.headers['Content-Disposition'] = (
         'attachment; filename=query_response.csv')
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     self.response.set_status(status)
     self.response.write(csv_content)
 
@@ -96,6 +98,7 @@ def RenderHtml(self, html_content, status=200):
     """
     self.response.headers['Content-Type'] = 'text/html; charset=UTF-8'
     self.response.headers['Content-Disposition'] = 'inline'
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     self.response.set_status(status)
     self.response.write(html_content)
 
@@ -111,6 +114,7 @@ def RenderJson(self, json_response, status=200):
     """
     self.response.set_status(status)
     self.response.headers['Content-Disposition'] = 'inline'
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     if self.request.get('callback'):  # JSONP Support
       self.response.headers['Content-Type'] = (
           'application/javascript; charset=UTF-8')
@@ -130,6 +134,7 @@ def RenderText(self, text, status=200):
     """
     self.response.headers['Content-Type'] = 'text/plain; charset=UTF-8'
     self.response.headers['Content-Disposition'] = 'inline'
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     self.response.set_status(status)
     self.response.write(text)
 
@@ -144,5 +149,6 @@ def RenderTsv(self, tsv_content, status=200):
                                              'charset=UTF-16LE')
     self.response.headers['Content-Disposition'] = (
         'attachment; filename=query_response.tsv')
+    self.response.headers['Access-Control-Allow-Origin'] = '*'
     self.response.set_status(status)
     self.response.write(tsv_content)
diff --git a/src/controllers/public.py b/src/controllers/public.py
index f9ba70d..f35725e 100644
--- a/src/controllers/public.py
+++ b/src/controllers/public.py
@@ -49,6 +49,9 @@ def get(self):
     content. If there is an error then the error message will be rendered
     using the default response format.
     """
+
+    self.response.headers.add_header('Access-Control-Allow-Origin', '*')
+    
     query_id = self.request.get('id')
     response_format = str(self.request.get('format', co.DEFAULT_FORMAT))