Add: CORS * in development; use --unsafe-cors to enable

backend.py

@@ -512,7 +512,10 @@ async def api(request):
     test_index += 1
     result = await session.test(screen_name)
     log(json.dumps(result) + '\n')
-    return web.json_response(result)
+    if (args.unsafe_cors):
+        return web.json_response(result, headers={"Access-Control-Allow-Origin": "*"})
+    else:
+        return web.json_response(result)
 
 async def login_accounts(accounts, cookie_dir=None):
     if cookie_dir is not None and not os.path.isdir(cookie_dir):
@@ -548,9 +551,17 @@ parser.add_argument('--mongo-host', type=str, default='localhost', help='hostnam
 parser.add_argument('--mongo-port', type=int, default=27017, help='port of mongoDB service to connect to')
 parser.add_argument('--mongo-db', type=str, default='tester', help='name of mongo database to use')
 parser.add_argument('--twitter-auth-key', type=str, default=None, help='auth key for twitter guest session', required=True)
+parser.add_argument('--unsafe-cors', action='store_true', help='Enable UNSAFE *-CORS on /screenName route')
 args = parser.parse_args()
 
 TwitterSession.twitter_auth_key = args.twitter_auth_key
+
+if (args.unsafe_cors):
+    debug("!! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !!")
+    debug("!! ALLOWING UNSAFE CORS REQUESTS FROM *")
+    debug("!! Do not do this in production!")
+    debug("!! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !! !!")
+
 ensure_dir(args.cookie_dir)
 
 with open(args.account_file, "r") as f: