diff --git a/docs/src/intro.md b/docs/src/intro.md index 8941f6aa0..22baee91c 100644 --- a/docs/src/intro.md +++ b/docs/src/intro.md @@ -35,6 +35,7 @@ The default application can be customized using environment variables defined in - `NAME` (str): name of the application. Defaults to `titiler`. - `CORS_ORIGINS` (str, `,` delimited origins): allowed CORS origin. Defaults to `*`. +- `CORS_ALLOW_METHODS` (str, `,` delimited methods): allowed CORS methods. Defaults to `GET`. - `CACHECONTROL` (str): Cache control header to add to responses. Defaults to `"public, max-age=3600"`. - `ROOT_PATH` (str): path behind proxy. - `DEBUG` (str): adds `LoggerMiddleware` and `TotalTimeMiddleware` in the middleware stack. diff --git a/src/titiler/application/titiler/application/main.py b/src/titiler/application/titiler/application/main.py index d9508a611..b7e1af4a0 100644 --- a/src/titiler/application/titiler/application/main.py +++ b/src/titiler/application/titiler/application/main.py @@ -120,7 +120,7 @@ CORSMiddleware, allow_origins=api_settings.cors_origins, allow_credentials=True, - allow_methods=["GET"], + allow_methods=api_settings.cors_allow_methods, allow_headers=["*"], ) diff --git a/src/titiler/application/titiler/application/settings.py b/src/titiler/application/titiler/application/settings.py index 2b6171082..81aa86587 100644 --- a/src/titiler/application/titiler/application/settings.py +++ b/src/titiler/application/titiler/application/settings.py @@ -9,6 +9,7 @@ class ApiSettings(BaseSettings): name: str = "TiTiler" cors_origins: str = "*" + cors_allow_methods: str = "GET" cachecontrol: str = "public, max-age=3600" root_path: str = "" debug: bool = False @@ -25,3 +26,8 @@ class ApiSettings(BaseSettings): def parse_cors_origin(cls, v): """Parse CORS origins.""" return [origin.strip() for origin in v.split(",")] + + @field_validator("cors_allow_methods") + def parse_cors_allow_methods(cls, v): + """Parse CORS allowed methods.""" + return [method.strip().upper() for method in v.split(",")]