From 9a15f1e549c8dd43fa95e8402c66549ce28f1f90 Mon Sep 17 00:00:00 2001 From: Colton Loftus <70598503+C-Loftus@users.noreply.github.com> Date: Mon, 27 Apr 2026 16:19:33 -0400 Subject: [PATCH 1/3] Fix Flask Expose Headers --- pygeoapi/flask_app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pygeoapi/flask_app.py b/pygeoapi/flask_app.py index 1c5676af0..6e9da40ad 100644 --- a/pygeoapi/flask_app.py +++ b/pygeoapi/flask_app.py @@ -86,7 +86,7 @@ if CONFIG['server'].get('cors', False): try: from flask_cors import CORS - CORS(APP, CORS_EXPOSE_HEADERS=['*']) + CORS(APP, CORS_EXPOSE_HEADERS='*') except ModuleNotFoundError: print('Python package flask-cors required for CORS support') From 740f0444c293c838c8ddef6741ce2d08765d55d1 Mon Sep 17 00:00:00 2001 From: Colton Loftus <70598503+C-Loftus@users.noreply.github.com> Date: Mon, 27 Apr 2026 18:19:20 -0400 Subject: [PATCH 2/3] add a test --- pygeoapi/flask_app.py | 2 +- tests/api/test_api.py | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pygeoapi/flask_app.py b/pygeoapi/flask_app.py index 6e9da40ad..12fc30dbd 100644 --- a/pygeoapi/flask_app.py +++ b/pygeoapi/flask_app.py @@ -86,7 +86,7 @@ if CONFIG['server'].get('cors', False): try: from flask_cors import CORS - CORS(APP, CORS_EXPOSE_HEADERS='*') + CORS(APP, expose_headers='*') except ModuleNotFoundError: print('Python package flask-cors required for CORS support') diff --git a/tests/api/test_api.py b/tests/api/test_api.py index bee15c1b5..2e39657f0 100644 --- a/tests/api/test_api.py +++ b/tests/api/test_api.py @@ -280,6 +280,9 @@ def test_apirules_active(config_with_rules, rules_api): assert response.status_code == 200 response = flask_client.get(flask_prefix) assert response.status_code in (307, 308) + # Ensure that the expose-headers are set regardless of + # whether apirules are active or not + assert response.headers["Access-Control-Expose-Headers"] == "*" # Test links on landing page for correct URLs response = flask_client.get(flask_prefix, follow_redirects=True) @@ -342,6 +345,9 @@ def test_apirules_inactive(config, api_): flask_client.application.url_for('pygeoapi.conformance') response = flask_client.get('/static/img/pygeoapi.png') assert response.status_code == 200 + # Ensure that the expose-headers are set regardless of + # whether apirules are active or not + assert response.headers["Access-Control-Expose-Headers"] == "*" # Test trailing slashes response = flask_client.get('/') From 3b159d35773527490e81069c04c4712fbd261ca6 Mon Sep 17 00:00:00 2001 From: Colton Loftus <70598503+C-Loftus@users.noreply.github.com> Date: Mon, 27 Apr 2026 18:42:18 -0400 Subject: [PATCH 3/3] switch to single quotes --- tests/api/test_api.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api/test_api.py b/tests/api/test_api.py index 2e39657f0..d14ae13ab 100644 --- a/tests/api/test_api.py +++ b/tests/api/test_api.py @@ -282,7 +282,7 @@ def test_apirules_active(config_with_rules, rules_api): assert response.status_code in (307, 308) # Ensure that the expose-headers are set regardless of # whether apirules are active or not - assert response.headers["Access-Control-Expose-Headers"] == "*" + assert response.headers['Access-Control-Expose-Headers'] == '*' # Test links on landing page for correct URLs response = flask_client.get(flask_prefix, follow_redirects=True) @@ -347,7 +347,7 @@ def test_apirules_inactive(config, api_): assert response.status_code == 200 # Ensure that the expose-headers are set regardless of # whether apirules are active or not - assert response.headers["Access-Control-Expose-Headers"] == "*" + assert response.headers['Access-Control-Expose-Headers'] == '*' # Test trailing slashes response = flask_client.get('/')