Last active
December 6, 2022 14:13
-
-
Save mmerickel/1afaf64154b335b596e4 to your computer and use it in GitHub Desktop.
cors in pyramid
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyramid.security import NO_PERMISSION_REQUIRED | |
| def includeme(config): | |
| config.add_directive( | |
| 'add_cors_preflight_handler', add_cors_preflight_handler) | |
| config.add_route_predicate('cors_preflight', CorsPreflightPredicate) | |
| config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse') | |
| class CorsPreflightPredicate(object): | |
| def __init__(self, val, config): | |
| self.val = val | |
| def text(self): | |
| return 'cors_preflight = %s' % bool(self.val) | |
| phash = text | |
| def __call__(self, context, request): | |
| if not self.val: | |
| return False | |
| return ( | |
| request.method == 'OPTIONS' and | |
| 'Origin' in request.headers and | |
| 'Access-Control-Request-Method' in request.headers | |
| ) | |
| def add_cors_preflight_handler(config): | |
| config.add_route( | |
| 'cors-options-preflight', '/{catch_all:.*}', | |
| cors_preflight=True, | |
| ) | |
| config.add_view( | |
| cors_options_view, | |
| route_name='cors-options-preflight', | |
| permission=NO_PERMISSION_REQUIRED, | |
| ) | |
| def add_cors_to_response(event): | |
| request = event.request | |
| response = event.response | |
| if 'Origin' in request.headers: | |
| response.headers['Access-Control-Expose-Headers'] = ( | |
| 'Content-Type,Date,Content-Length,Authorization,X-Request-ID') | |
| response.headers['Access-Control-Allow-Origin'] = ( | |
| request.headers['Origin']) | |
| response.headers['Access-Control-Allow-Credentials'] = 'true' | |
| def cors_options_view(context, request): | |
| response = request.response | |
| if 'Access-Control-Request-Headers' in request.headers: | |
| response.headers['Access-Control-Allow-Methods'] = ( | |
| 'OPTIONS,HEAD,GET,POST,PUT,DELETE') | |
| response.headers['Access-Control-Allow-Headers'] = ( | |
| 'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID') | |
| return response |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def main(global_config, **app_settings): | |
| config = Configurator() | |
| config.include('.cors') | |
| # make sure to add this before other routes to intercept OPTIONS | |
| config.add_cors_preflight_handler() | |
| config.add_route(...) | |
| return config.make_wsgi_app() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Just noting that this can also be handled higher in the stack: https://pypi.org/project/wsgicors/