-
-
Save kamalgill/b1f682dbdc6d6df4d052 to your computer and use it in GitHub Desktop.
cors in pyramid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyramid.security import NO_PERMISSION_REQUIRED | |
| def includeme(config): | |
| config.add_directive( | |
| 'add_cors_preflight_handler', add_cors_preflight_handler) | |
| config.add_route_predicate('cors_preflight', CorsPreflightPredicate) | |
| config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse') | |
| class CorsPreflightPredicate(object): | |
| def __init__(self, val, config): | |
| self.val = val | |
| def text(self): | |
| return 'cors_preflight = %s' % bool(self.val) | |
| phash = text | |
| def __call__(self, context, request): | |
| if not self.val: | |
| return False | |
| return ( | |
| request.method == 'OPTIONS' and | |
| 'Origin' in request.headers and | |
| 'Access-Control-Request-Method' in request.headers | |
| ) | |
| def add_cors_preflight_handler(config): | |
| config.add_route( | |
| 'cors-options-preflight', '/{catch_all:.*}', | |
| cors_preflight=True, | |
| ) | |
| config.add_view( | |
| cors_options_view, | |
| route_name='cors-options-preflight', | |
| permission=NO_PERMISSION_REQUIRED, | |
| ) | |
| def add_cors_to_response(event): | |
| request = event.request | |
| response = event.response | |
| if 'Origin' in request.headers: | |
| response.headers['Access-Control-Expose-Headers'] = ( | |
| 'Content-Type,Date,Content-Length,Authorization,X-Request-ID') | |
| response.headers['Access-Control-Allow-Origin'] = ( | |
| request.headers['Origin']) | |
| response.headers['Access-Control-Allow-Credentials'] = 'true' | |
| def cors_options_view(context, request): | |
| response = request.response | |
| if 'Access-Control-Request-Headers' in request.headers: | |
| response.headers['Access-Control-Allow-Methods'] = ( | |
| 'OPTIONS,HEAD,GET,POST,PUT,DELETE') | |
| response.headers['Access-Control-Allow-Headers'] = ( | |
| 'Content-Type,Accept,Accept-Language,Authorization,X-Request-ID') | |
| return response |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def main(global_config, **app_settings): | |
| config = Configurator() | |
| config.include('.cors') | |
| # make sure to add this before other routes to intercept OPTIONS | |
| config.add_cors_preflight_handler() | |
| config.add_route(...) | |
| return config.make_wsgi_app() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is great @kamalgill. In Python 3.5 I had to change it to config.include('cors') instead of config.include('.cors') for it to work, but it was perfect after that :)