Last active
          June 8, 2017 03:32 
        
    Pyramid cors
  
        
  
    
    
  
  
    
  | from pyramid.security import NO_PERMISSION_REQUIRED | |
def includeme(config):
    """Pyramid ``config.include()`` hook that registers the CORS helpers.

    Three things are registered, in this order:

    * the ``add_cors_preflight_handler`` configurator directive,
    * the ``cors_preflight`` route predicate, and
    * a ``pyramid.events.NewResponse`` subscriber that adds CORS headers
      to responses.

    Only the directive is registered here; the catch-all preflight route
    is created when the application calls
    ``config.add_cors_preflight_handler()``.
    """
    directive_name = 'add_cors_preflight_handler'
    config.add_directive(directive_name, add_cors_preflight_handler)

    config.add_route_predicate(
        'cors_preflight',
        CorsPreflightPredicate,
    )

    response_event = 'pyramid.events.NewResponse'
    config.add_subscriber(add_cors_to_response, response_event)
class CorsPreflightPredicate(object):
    """Route predicate that matches CORS preflight requests.

    A request counts as a preflight when its method is ``OPTIONS`` and it
    carries both an ``Origin`` and an ``Access-Control-Request-Method``
    header. When the predicate value is falsy the predicate never
    matches, so a route declared with ``cors_preflight=False`` is not
    selected by this predicate for any request.
    """

    def __init__(self, val, config):
        # ``config`` is part of the predicate factory signature but is
        # not used by this predicate.
        self.val = val

    def text(self):
        """Return the description of this predicate and its value."""
        enabled = bool(self.val)
        return 'cors_preflight = %s' % enabled

    # The same string doubles as the predicate's hash text.
    phash = text

    def __call__(self, context, request):
        """Return True only for an OPTIONS request with preflight headers."""
        if not self.val:
            return False
        if request.method != 'OPTIONS':
            return False
        if 'Origin' not in request.headers:
            return False
        return 'Access-Control-Request-Method' in request.headers
def add_cors_preflight_handler(config):
    """Register a catch-all route and view that answer CORS preflights.

    The route pattern matches every path, but the ``cors_preflight=True``
    predicate restricts it to requests that look like a preflight, so
    other requests are not matched by this route.
    """
    route_name = 'cors-options-preflight'

    config.add_route(
        route_name,
        '/{catch_all:.*}',
        cors_preflight=True,
    )

    # Browsers send preflight requests without credentials, so the view
    # is exempted from permission checks. It only sets response headers.
    config.add_view(
        cors_options_view,
        route_name=route_name,
        permission=NO_PERMISSION_REQUIRED,
    )
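def add_cors_to_response(event):
    """Add CORS headers to a response for a cross-origin request.

    Subscriber for ``pyramid.events.NewResponse``. When the request
    carries an ``Origin`` header, the response is given
    ``Access-Control-Expose-Headers``, ``Access-Control-Allow-Origin``
    (the request's origin) and ``Access-Control-Allow-Credentials: true``.

    ``Vary: Origin`` is added to every response because the headers
    differ per origin; without it a shared cache could serve one origin's
    CORS headers to another.

    Origin allow-list (opt-in, introduced by this function): when the
    deployment setting ``cors.allowed_origins`` is present, as a
    whitespace-separated string or a list of exact origins, only those
    origins receive CORS headers. When the setting is absent the previous
    behaviour is kept for compatibility, see the NOTE below.

    :param event: object exposing ``request`` and ``response``.
    """
    request = event.request
    response = event.response

    # The response depends on the Origin request header; tell caches so.
    vary = response.headers.get('Vary')
    if not vary:
        response.headers['Vary'] = 'Origin'
    else:
        tokens = [token.strip().lower() for token in vary.split(',')]
        if 'origin' not in tokens and '*' not in tokens:
            response.headers['Vary'] = vary + ', Origin'

    origin = request.headers.get('Origin')
    if not origin:
        return

    registry = getattr(request, 'registry', None)
    settings = getattr(registry, 'settings', None) or {}
    allowed = settings.get('cors.allowed_origins')
    if allowed is not None:
        if isinstance(allowed, str):
            allowed = allowed.split()
        if origin not in allowed:
            # Unlisted origin: send no CORS headers, so the browser does
            # not expose the response to the calling page.
            return
    # NOTE(security): with no allow-list configured, whatever Origin the
    # client sends is echoed back together with
    # ``Access-Control-Allow-Credentials: true``. That lets any website
    # issue credentialed requests and read the responses. Configure
    # ``cors.allowed_origins`` wherever cookies or HTTP authentication
    # are in use.

    response.headers['Access-Control-Expose-Headers'] = (
        'Content-Type,Date,Content-Length,Authorization,X-Request-ID')
    response.headers['Access-Control-Allow-Origin'] = origin
    response.headers['Access-Control-Allow-Credentials'] = 'true'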
def cors_options_view(context, request):
    """Answer a CORS preflight with the allowed methods and headers.

    ``Access-Control-Allow-Origin`` is not set here; in this module the
    ``NewResponse`` subscriber ``add_cors_to_response`` adds it.

    NOTE(review): the ``Access-Control-Allow-*`` headers are emitted only
    when the request carries ``Access-Control-Request-Headers``. A
    preflight that sends only ``Access-Control-Request-Method`` gets
    neither header. Confirm that this is intended.
    """
    response = request.response

    if 'Access-Control-Request-Headers' not in request.headers:
        return response

    preflight_headers = (
        ('Access-Control-Allow-Methods',
         'OPTIONS,HEAD,GET,POST,PUT,DELETE'),
        ('Access-Control-Allow-Headers',
         'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID'),
    )
    for header_name, header_value in preflight_headers:
        response.headers[header_name] = header_value
    return response
  
    
    
  
  
    
  | # Example standalone view; no CORS predicate setup needed | |
| from pyramid.httpexceptions import HTTPMethodNotAllowed, HTTPTooManyRequests, HTTPUnprocessableEntity | |
| from pyramid.response import Response | |
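@simple_route("/sign", route_name="sign", renderer="json")
def sign(request: Request):
    """CORS POST-only view point.

    ``OPTIONS`` requests are answered with CORS headers for the caller's
    origin. Any method other than ``OPTIONS`` and ``POST`` raises
    ``HTTPMethodNotAllowed``.

    An ``OPTIONS`` request without an ``Origin`` header now gets a plain
    response with no CORS headers. Before, the unconditional
    ``request.headers['Origin']`` lookup raised ``KeyError`` on such a
    request.
    """
    # Not used in the portion of the view shown here.
    redis = get_redis(request)

    if request.method == "OPTIONS":
        response = Response()
        # The headers below depend on the Origin request header, so
        # caches must key on it.
        response.headers['Vary'] = 'Origin'

        origin = request.headers.get('Origin')
        if origin:
            # NOTE(security): the caller-supplied Origin is echoed back
            # together with Allow-Credentials: true, so every origin is
            # trusted for credentialed requests. Compare ``origin``
            # against an explicit allow-list before reflecting it if
            # this endpoint relies on cookies or HTTP authentication.
            response.headers['Access-Control-Expose-Headers'] = (
                'Content-Type, Date, Content-Length, Authorization, X-Request-ID, X-Requested-With')
            response.headers['Access-Control-Allow-Origin'] = origin
            response.headers['Access-Control-Allow-Credentials'] = 'true'
        return response

    if request.method != "POST":
        raise HTTPMethodNotAllowed(detail="This is POST only endpoint")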
  