| from flask import Flask | |
| from flask_cors import CORS | |
| def create_app(): | |
| app = Flask(__name__, | |
| static_folder='static', | |
| template_folder='templates') | |
| # Configure CORS | |
| CORS(app, resources={ | |
| r"/*": { | |
| "origins": [ | |
| r"https://.*\.hf\.space", # any HF Space subdomain | |
| "https://<your-username>.github.io", | |
| "https://www.<your-domain>.com", | |
| "http://localhost:5000", | |
| "http://127.0.0.1:5000", | |
| ], | |
| "methods": ["GET", "POST", "OPTIONS"], | |
| "allow_headers": ["Content-Type"] | |
| } | |
| }) | |
| # Configure security headers | |
| def add_security_headers(response): | |
| response.headers['Access-Control-Allow-Origin'] = '*' | |
| response.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS' | |
| response.headers['Access-Control-Allow-Headers'] = 'Content-Type' | |
| return response | |
| # Register blueprints | |
| from app.routes import main | |
| app.register_blueprint(main) | |
| return app |