API tools faq
paste
Guest User

Untitled

a guest
Feb 21st, 2018
78
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.73 KB | None | 0 0
raw download clone embed print report
  1. from pyramid.security import NO_PERMISSION_REQUIRED
  2.  
  3. def includeme(config):
  4. config.add_directive(
  5. 'add_cors_preflight_handler', add_cors_preflight_handler)
  6. config.add_route_predicate('cors_preflight', CorsPreflightPredicate)
  7.  
  8. config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse')
  9.  
  10. class CorsPreflightPredicate(object):
  11. def __init__(self, val, config):
  12. self.val = val
  13.  
  14. def text(self):
  15. return 'cors_preflight = %s' % bool(self.val)
  16.  
  17. phash = text
  18.  
  19. def __call__(self, context, request):
  20. if not self.val:
  21. return False
  22. return (
  23. request.method == 'OPTIONS' and
  24. 'Origin' in request.headers and
  25. 'Access-Control-Request-Method' in request.headers
  26. )
  27.  
  28. def add_cors_preflight_handler(config):
  29. config.add_route(
  30. 'cors-options-preflight', '/{catch_all:.*}',
  31. cors_preflight=True,
  32. )
  33. config.add_view(
  34. cors_options_view,
  35. route_name='cors-options-preflight',
  36. permission=NO_PERMISSION_REQUIRED,
  37. )
  38.  
  39. def add_cors_to_response(event):
  40. request = event.request
  41. response = event.response
  42. if 'Origin' in request.headers:
  43. response.headers['Access-Control-Expose-Headers'] = (
  44. 'Content-Type,Date,Content-Length,Authorization,X-Request-ID')
  45. response.headers['Access-Control-Allow-Origin'] = (
  46. request.headers['Origin'])
  47. response.headers['Access-Control-Allow-Credentials'] = 'true'
  48.  
  49. def cors_options_view(context, request):
  50. response = request.response
  51. if 'Access-Control-Request-Headers' in request.headers:
  52. response.headers['Access-Control-Allow-Methods'] = (
  53. 'OPTIONS,HEAD,GET,POST,PUT,DELETE')
  54. response.headers['Access-Control-Allow-Headers'] = (
  55. 'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID')
  56. return response
  57.  
  58. # Example standalone view, no CORS precidate set up needed
  59.  
  60. from pyramid.httpexceptions import HTTPMethodNotAllowed, HTTPTooManyRequests, HTTPUnprocessableEntity
  61. from pyramid.response import Response
  62.  
  63.  
  64. @simple_route("/sign", route_name="sign", renderer="json")
  65. def sign(request: Request):
  66. """CORS POST-only view point"""
  67. redis = get_redis(request)
  68.  
  69. if request.method == "OPTIONS":
  70. response = Response()
  71. response.headers['Access-Control-Expose-Headers'] = (
  72. 'Content-Type, Date, Content-Length, Authorization, X-Request-ID, X-Requested-With')
  73. response.headers['Access-Control-Allow-Origin'] = (
  74. request.headers['Origin'])
  75. response.headers['Access-Control-Allow-Credentials'] = 'true'
  76. return response
  77.  
  78. if request.method != "POST":
  79. raise HTTPMethodNotAllowed(detail="This is POST only endpoint")
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!