-
-
Save fearless-spider/130a1b421c48edf3ec1e5e04e86c1671 to your computer and use it in GitHub Desktop.
cors in pyramid
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyramid.security import NO_PERMISSION_REQUIRED | |
| def includeme(config): | |
| config.add_directive( | |
| 'add_cors_preflight_handler', add_cors_preflight_handler) | |
| config.add_route_predicate('cors_preflight', CorsPreflightPredicate) | |
| config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse') | |
| class CorsPreflightPredicate(object): | |
| def __init__(self, val, config): | |
| self.val = val | |
| def text(self): | |
| return 'cors_preflight = %s' % bool(self.val) | |
| phash = text | |
| def __call__(self, context, request): | |
| if not self.val: | |
| return False | |
| return ( | |
| request.method == 'OPTIONS' and | |
| 'Origin' in request.headers and | |
| 'Access-Control-Request-Method' in request.headers | |
| ) | |
| def add_cors_preflight_handler(config): | |
| config.add_route( | |
| 'cors-options-preflight', '/{catch_all:.*}', | |
| cors_preflight=True, | |
| ) | |
| config.add_view( | |
| cors_options_view, | |
| route_name='cors-options-preflight', | |
| permission=NO_PERMISSION_REQUIRED, | |
| ) | |
| def add_cors_to_response(event): | |
| request = event.request | |
| response = event.response | |
| if 'Origin' in request.headers: | |
| response.headers['Access-Control-Expose-Headers'] = ( | |
| 'Content-Type,Date,Content-Length,Authorization,X-Request-ID') | |
| response.headers['Access-Control-Allow-Origin'] = ( | |
| request.headers['Origin']) | |
| response.headers['Access-Control-Allow-Credentials'] = 'true' | |
| def cors_options_view(context, request): | |
| response = request.response | |
| if 'Access-Control-Request-Headers' in request.headers: | |
| response.headers['Access-Control-Allow-Methods'] = ( | |
| 'OPTIONS,HEAD,GET,POST,PUT,DELETE') | |
| response.headers['Access-Control-Allow-Headers'] = ( | |
| 'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID') | |
| return response |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def main(global_config, **app_settings): | |
| config = Configurator() | |
| config.include('.cors') | |
| # make sure to add this before other routes to intercept OPTIONS | |
| config.add_cors_preflight_handler() | |
| config.add_route(...) | |
| return config.make_wsgi_app() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment