Skip to content

Instantly share code, notes, and snippets.

@jottenlips

jottenlips/xssharing_middleware.py

Last active April 14, 2022 01:44
Show Gist options
  • Save jottenlips/e67a3be595484ea4842537a3da795194 to your computer and use it in GitHub Desktop.
Save jottenlips/e67a3be595484ea4842537a3da795194 to your computer and use it in GitHub Desktop.
Download ZIP
Allow django templates to receive data from a popup that calls window.opener.postMessage
Raw
xssharing_middleware.py
from django.conf import settings
XS_SHARING_ALLOWED_ORIGINS = getattr(settings, "XS_SHARING_ALLOWED_ORIGINS", '')
XS_SHARING_ALLOWED_METHODS = getattr(settings, "XS_SHARING_ALLOWED_METHODS",
['POST', 'GET', 'OPTIONS', 'PUT'])
def xssharing_middleware(get_response):
def middleware(request):
response = get_response(request)
if response.has_header('Access-Control-Allow-Origin'):
return response
response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
response['Access-Control-Allow-Headers'] = "*"
response['Cross-Origin-Opener-Policy'] = 'same-origin-allow-popups'
return response
return middleware
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment