kilfu0701 · August 13, 2014 04:24
diff --git a/middleware.py b/middleware.py
 from django import http

 try:
    from django.conf import settings
    XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
    XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
    XS_SHARING_ALLOWED_HEADERS = settings.XS_SHARING_ALLOWED_HEADERS
    XS_SHARING_ALLOWED_CREDENTIALS = settings.XS_SHARING_ALLOWED_CREDENTIALS
 except AttributeError:
    XS_SHARING_ALLOWED_ORIGINS = '*'
    XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
    XS_SHARING_ALLOWED_HEADERS = ['Content-Type', '*']
    XS_SHARING_ALLOWED_CREDENTIALS = 'true'


 class XsSharing(object):
    """
    This middleware allows cross-domain XHR using the html5 postMessage API.
     
    Access-Control-Allow-Origin: http://foo.example
    Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

    Based off https://gist.github.com/426829
    """
    def process_request(self, request):
        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
            response = http.HttpResponse()
            response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS 
            response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) 
            response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
            response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS
            return response

        return None

    def process_response(self, request, response):
        response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS 
        response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
        response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
        response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS

        return response
	from django import http

	try:
	from django.conf import settings
	XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
	XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
	XS_SHARING_ALLOWED_HEADERS = settings.XS_SHARING_ALLOWED_HEADERS
	XS_SHARING_ALLOWED_CREDENTIALS = settings.XS_SHARING_ALLOWED_CREDENTIALS
	except AttributeError:
	XS_SHARING_ALLOWED_ORIGINS = '*'
	XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
	XS_SHARING_ALLOWED_HEADERS = ['Content-Type', '*']
	XS_SHARING_ALLOWED_CREDENTIALS = 'true'


	class XsSharing(object):
	"""
	This middleware allows cross-domain XHR using the html5 postMessage API.

	Access-Control-Allow-Origin: http://foo.example
	Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

	Based off https://gist.github.com/426829
	"""
	def process_request(self, request):
	if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
	response = http.HttpResponse()
	response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
	response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
	response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
	response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS
	return response

	return None

	def process_response(self, request, response):
	response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
	response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
	response['Access-Control-Allow-Headers'] = ",".join( XS_SHARING_ALLOWED_HEADERS )
	response['Access-Control-Allow-Credentials'] = XS_SHARING_ALLOWED_CREDENTIALS

	return response