From 89c6197f098a833057d7df9119292d01a18449df Mon Sep 17 00:00:00 2001
From: Amy Chen <amysbubble@MacBook-Pro-137.local>
Date: Wed, 28 May 2025 10:04:10 -0700
Subject: [PATCH 1/2] add DELETE for allowed FHIR API method

---
 sof_wrapper/api/fhir.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sof_wrapper/api/fhir.py b/sof_wrapper/api/fhir.py
index 7c3656e..4ee9211 100644
--- a/sof_wrapper/api/fhir.py
+++ b/sof_wrapper/api/fhir.py
@@ -299,6 +299,6 @@ def route_fhir(relative_path, session_id):
 def add_header(response):
     response.headers['Access-Control-Allow-Origin'] = '*'
     response.headers['Access-Control-Allow-Headers'] = 'Authorization, Cache-Control, Content-Type'
-    response.headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, PUT'
+    response.headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, PUT, DELETE'
 
     return response

From 3832c76f8a0cd5448a1786812e64c4af5c0fc6e1 Mon Sep 17 00:00:00 2001
From: Amy Chen <amysbubble@MacBook-Pro-137.local>
Date: Wed, 28 May 2025 10:33:45 -0700
Subject: [PATCH 2/2] fix based on feedback

---
 sof_wrapper/api/fhir.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sof_wrapper/api/fhir.py b/sof_wrapper/api/fhir.py
index 4ee9211..8a0c239 100644
--- a/sof_wrapper/api/fhir.py
+++ b/sof_wrapper/api/fhir.py
@@ -243,8 +243,8 @@ def patient_by_id(id):
 
 
 @blueprint.route('/fhir-router/', defaults={'relative_path': '', 'session_id': None})
-@blueprint.route('/fhir-router/<string:session_id>/<path:relative_path>', methods=('GET', 'POST', 'PUT'))
-@blueprint.route('/fhir-router/<string:session_id>/', defaults={'relative_path': ''}, methods=('GET', 'POST', 'PUT'))
+@blueprint.route('/fhir-router/<string:session_id>/<path:relative_path>', methods=('DELETE', 'GET', 'POST', 'PUT'))
+@blueprint.route('/fhir-router/<string:session_id>/', defaults={'relative_path': ''}, methods=('DELETE', 'GET', 'POST', 'PUT'))
 def route_fhir(relative_path, session_id):
     g.session_id = session_id
     current_app.logger.debug('received session_id as path parameter: %s', session_id)
@@ -299,6 +299,6 @@ def route_fhir(relative_path, session_id):
 def add_header(response):
     response.headers['Access-Control-Allow-Origin'] = '*'
     response.headers['Access-Control-Allow-Headers'] = 'Authorization, Cache-Control, Content-Type'
-    response.headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, PUT, DELETE'
+    response.headers['Access-Control-Allow-Methods'] = 'DELETE, GET, OPTIONS, POST, PUT'
 
     return response