Need a unique gift idea?
A Pastebin account makes a great Christmas gift
SHARE
TWEET

Untitled

a guest Feb 21st, 2018 54 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. from pyramid.security import NO_PERMISSION_REQUIRED
  2.  
  3. def includeme(config):
  4.     config.add_directive(
  5.         'add_cors_preflight_handler', add_cors_preflight_handler)
  6.     config.add_route_predicate('cors_preflight', CorsPreflightPredicate)
  7.  
  8.     config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse')
  9.  
  10. class CorsPreflightPredicate(object):
  11.     def __init__(self, val, config):
  12.         self.val = val
  13.  
  14.     def text(self):
  15.         return 'cors_preflight = %s' % bool(self.val)
  16.  
  17.     phash = text
  18.  
  19.     def __call__(self, context, request):
  20.         if not self.val:
  21.             return False
  22.         return (
  23.             request.method == 'OPTIONS' and
  24.             'Origin' in request.headers and
  25.             'Access-Control-Request-Method' in request.headers
  26.         )
  27.  
  28. def add_cors_preflight_handler(config):
  29.     config.add_route(
  30.         'cors-options-preflight', '/{catch_all:.*}',
  31.         cors_preflight=True,
  32.     )
  33.     config.add_view(
  34.         cors_options_view,
  35.         route_name='cors-options-preflight',
  36.         permission=NO_PERMISSION_REQUIRED,
  37.     )
  38.  
  39. def add_cors_to_response(event):
  40.     request = event.request
  41.     response = event.response
  42.     if 'Origin' in request.headers:
  43.         response.headers['Access-Control-Expose-Headers'] = (
  44.             'Content-Type,Date,Content-Length,Authorization,X-Request-ID')
  45.         response.headers['Access-Control-Allow-Origin'] = (
  46.             request.headers['Origin'])
  47.         response.headers['Access-Control-Allow-Credentials'] = 'true'
  48.  
  49. def cors_options_view(context, request):
  50.     response = request.response
  51.     if 'Access-Control-Request-Headers' in request.headers:
  52.         response.headers['Access-Control-Allow-Methods'] = (
  53.             'OPTIONS,HEAD,GET,POST,PUT,DELETE')
  54.     response.headers['Access-Control-Allow-Headers'] = (
  55.         'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID')
  56.     return response
  57.    
  58. # Example standalone view, no CORS precidate set up needed
  59.  
  60. from pyramid.httpexceptions import HTTPMethodNotAllowed, HTTPTooManyRequests, HTTPUnprocessableEntity
  61. from pyramid.response import Response
  62.  
  63.  
  64. @simple_route("/sign", route_name="sign", renderer="json")
  65. def sign(request: Request):
  66.     """CORS POST-only view point"""
  67.     redis = get_redis(request)
  68.  
  69.     if request.method == "OPTIONS":
  70.         response = Response()
  71.         response.headers['Access-Control-Expose-Headers'] = (
  72.             'Content-Type, Date, Content-Length, Authorization, X-Request-ID, X-Requested-With')
  73.         response.headers['Access-Control-Allow-Origin'] = (
  74.             request.headers['Origin'])
  75.         response.headers['Access-Control-Allow-Credentials'] = 'true'
  76.         return response
  77.  
  78.     if request.method != "POST":
  79.         raise HTTPMethodNotAllowed(detail="This is POST only endpoint")
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top