Merge branch 'aarthy/security' into 'enterprise'

ci bot · ci bot · commit 905c60ed9bc1 · 2025-04-22T13:12:41.000Z
fix(cors): add missing headers

See merge request dkinternal/observability/dataops-observability!43
diff --git a/common/api/flask_ext/cors.py b/common/api/flask_ext/cors.py
@@ -12,7 +12,7 @@
 
 CORS_HEADERS: dict[str, str] = {
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
-    "Access-Control-Allow-Headers": "Origin, Host, Authorization, X-Forwarded-For",
+    "Access-Control-Allow-Headers": "Accept, Content-Type, Origin, Host, Authorization, X-Forwarded-For",
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
     # Add this only if we want to expose custom response headers
     # "Access-Control-Expose-Headers": "*",
