From 99a2c934a3f98b0ea833ffe20d6d8a8ff820106d Mon Sep 17 00:00:00 2001
From: Debanjum Singh Solanky <debanjum@gmail.com>
Date: Tue, 17 Oct 2023 02:54:18 -0700
Subject: [PATCH] Add CORS policy to allow requests from khoj apps, obsidian &
 localhost

Using fetch from Khoj Obsidian plugin was failing due to cross-origin
request and method: no-cors didn't allow passing x-api-key custom
header. And using Obsidian's request with multi-part/form-data wasn't
possible either.
---
 src/khoj/main.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/khoj/main.py b/src/khoj/main.py
index 6710ed05..7b1bfd7e 100644
--- a/src/khoj/main.py
+++ b/src/khoj/main.py
@@ -20,6 +20,7 @@ warnings.filterwarnings("ignore", message=r"legacy way to download files from th
 # External Packages
 import uvicorn
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 from rich.logging import RichHandler
 import schedule
 
@@ -31,6 +32,15 @@ from khoj.utils.cli import cli
 # Initialize the Application Server
 app = FastAPI()
 
+# Add CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["app://obsidian.md", "http://localhost:*", "https://app.khoj.dev/*", "app://khoj.dev"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
 # Set Locale
 locale.setlocale(locale.LC_ALL, "")