Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Access Control, CORS (Cross Origin Request Sharing) header methods
This should make it a little easier to get and set access control headers as it ensures the types and naming is correct. It is also intentionally very minimal like the other header accessors.
- Loading branch information
Showing
5 changed files
with
142 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
from ..http import dump_header | ||
from ..http import parse_set_header | ||
from ..utils import environ_property | ||
from ..utils import header_property | ||
|
||
|
||
class RequestCORSMixin(object): | ||
"""A mixin for :class:`BaseRequest` subclasses. Request objects that | ||
mix this class in will automatically get descriptors for Cross | ||
Origin Resource Sharing headers. | ||
.. versionadded:: 1.0 | ||
""" | ||
|
||
origin = environ_property( | ||
"HTTP_ORIGIN", | ||
doc="""The origin header field indicates the host that the request | ||
originated from.""", | ||
) | ||
|
||
access_control_request_headers = environ_property( | ||
"HTTP_ACCESS_CONTROL_REQUEST_HEADERS", | ||
load_func=parse_set_header, | ||
doc="""The Access-Control-Request-Headers field is set on a preflight | ||
request to indicate what headers will be sent on the cross | ||
origin request. This allows the server to reply indicating | ||
which headers are allowed.""", | ||
) | ||
|
||
access_control_request_method = environ_property( | ||
"HTTP_ACCESS_CONTROL_REQUEST_METHOD", | ||
doc="""The Access-Control-Request-Method field is set on a preflight | ||
request to indicate which method will be used on the cross | ||
origin request. This allows the server to reply indicating | ||
which method is allowed.""", | ||
) | ||
|
||
|
||
class ResponseCORSMixin(object): | ||
"""A mixin for :class:`BaseResponse` subclasses. Response objects that | ||
mix this class in will automatically get descriptors for Cross | ||
Origin Resource Sharing headers. | ||
.. versionadded:: 1.0 | ||
""" | ||
|
||
@property | ||
def access_control_allow_credentials(self): | ||
"""Indicate whether credentials can be shared by the browser to the | ||
javascript code. As part of the preflight request it indicates | ||
whether credentials can be used on the cross origin | ||
request. | ||
""" | ||
if "Access-Control-Allow-Credentials" in self.headers: | ||
return True | ||
else: | ||
return False | ||
|
||
@access_control_allow_credentials.setter | ||
def access_control_allow_credentials(self, value): | ||
"""Indicate whether credentials can be shared by the browser to the | ||
javascript code. As part of the preflight request it indicates | ||
whether credentials can be used on the cross origin | ||
request. | ||
""" | ||
if value is True: | ||
self.headers["Access-Control-Allow-Credentials"] = "true" | ||
else: | ||
self.headers.pop("Access-Control-Allow-Credentials", None) | ||
|
||
access_control_allow_headers = header_property( | ||
"Access-Control-Allow-Headers", | ||
load_func=parse_set_header, | ||
dump_func=dump_header, | ||
doc="""Indicate which headers can be used on the cross origin request.""", | ||
) | ||
|
||
access_control_allow_methods = header_property( | ||
"Access-Control-Allow-Methods", | ||
load_func=parse_set_header, | ||
dump_func=dump_header, | ||
doc="""Indicate which methods can be used on the cross origin request.""", | ||
) | ||
|
||
access_control_allow_origin = header_property( | ||
"Access-Control-Allow-Origin", | ||
load_func=parse_set_header, | ||
dump_func=dump_header, | ||
doc="""Indicate the origins that may make cross origin requests.""", | ||
) | ||
|
||
access_control_expose_headers = header_property( | ||
"Access-Control-Expose-Headers", | ||
load_func=parse_set_header, | ||
dump_func=dump_header, | ||
doc="""Indicate which headers can be shared by the browser to the | ||
javascript code.""", | ||
) | ||
|
||
access_control_max_age = header_property( | ||
"Access-Control-Max-Age", | ||
load_func=int, | ||
dump_func=str, | ||
doc="""Indicate the maximum age in seconds the access control settings can | ||
be cached for.""", | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters