allow origin star to access API

1 files changed, 5 insertions, 0 deletions

diff --git a/talerbank/app/views.py b/talerbank/app/views.py
index 2597336..9a21ff2 100644
--- a/talerbank/app/views.py
+++ b/talerbank/app/views.py
@@ -1320,6 +1320,7 @@ def wire_transfer(amount, debit_account, credit_account, subject, request_uid=No
 @csrf_exempt
 @require_GET
 @login_via_headers
+@allow_origin_star
 def bank_accounts_api_balance(request, user_account, acct_id):
     """
     Query the balance for an account.
@@ -1347,6 +1348,7 @@ def bank_accounts_api_balance(request, user_account, acct_id):
 @csrf_exempt
 @require_POST
 @login_via_headers
+@allow_origin_star
 def bank_accounts_api_create_withdrawal(request, user, acct_id):
     user_account = BankAccount.objects.get(user=user)
 
@@ -1376,6 +1378,7 @@ def bank_accounts_api_create_withdrawal(request, user, acct_id):
 @csrf_exempt
 @require_GET
 @login_via_headers
+@allow_origin_star
 def bank_accounts_api_get_withdrawal(request, user, acct_id, wid):
     user_account = BankAccount.objects.get(user=user)
     if acct_id != user_account.user.username:
@@ -1419,6 +1422,7 @@ def abort_withdrawal(request, withdraw_id):
 @csrf_exempt
 @require_POST
 @login_via_headers
+@allow_origin_star
 def bank_accounts_api_abort_withdrawal(request, user, acct_id, wid):
     user_account = BankAccount.objects.get(user=user)
     if acct_id != user_account.user.username:
@@ -1434,6 +1438,7 @@ def bank_accounts_api_abort_withdrawal(request, user, acct_id, wid):
 @csrf_exempt
 @require_POST
 @login_via_headers
+@allow_origin_star
 def bank_accounts_api_confirm_withdrawal(request, user, acct_id, wid):
     user_account = BankAccount.objects.get(user=user)
     if acct_id != user_account.user.username: