mesuutt/middleware.py

## middleware.py
from django import http


class XsSharing(object):
    """
    This middleware allows cross-domain XHR using the html5 postMessage API.

    Access-Control-Allow-Origin: http://foo.example
    Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

    Based off https://gist.github.com/426829
    """

    def __init__(self):

        self.XS_SHARING_ALLOWED_ORIGINS = getattr(settings, 'XS_SHARING_ALLOWED_ORIGINS', '*')
        self.XS_SHARING_ALLOWED_METHODS = getattr(
            settings,
            'XS_SHARING_ALLOWED_METHODS',
            ['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
        )

        self.XS_SHARING_ALLOWED_HEADERS = getattr(
            settings,
            'XS_SHARING_ALLOWED_HEADERS',
            ['Content-Type', '*']
        )
        self.XS_SHARING_ALLOWED_CREDENTIALS = getattr(
            settings,
            'XS_SHARING_ALLOWED_CREDENTIALS',
            'true'
        )

    def process_request(self, request):
        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
            response = http.HttpResponse()
            response['Access-Control-Allow-Origin'] = self.XS_SHARING_ALLOWED_ORIGINS
            response['Access-Control-Allow-Methods'] = ",".join(self.XS_SHARING_ALLOWED_METHODS)
            response['Access-Control-Allow-Headers'] = ",".join(self.XS_SHARING_ALLOWED_HEADERS)
            response['Access-Control-Allow-Credentials'] = self.XS_SHARING_ALLOWED_CREDENTIALS
            return response

        return None

    def process_response(self, request, response):
        response['Access-Control-Allow-Origin'] = self.XS_SHARING_ALLOWED_ORIGINS
        response['Access-Control-Allow-Methods'] = ",".join(self.XS_SHARING_ALLOWED_METHODS)
        response['Access-Control-Allow-Headers'] = ",".join(self.XS_SHARING_ALLOWED_HEADERS)
        response['Access-Control-Allow-Credentials'] = self.XS_SHARING_ALLOWED_CREDENTIALS

        return response
	from django import http


	class XsSharing(object):
	"""
	This middleware allows cross-domain XHR using the html5 postMessage API.

	Access-Control-Allow-Origin: http://foo.example
	Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

	Based off https://gist.github.com/426829
	"""

	def __init__(self):

	self.XS_SHARING_ALLOWED_ORIGINS = getattr(settings, 'XS_SHARING_ALLOWED_ORIGINS', '*')
	self.XS_SHARING_ALLOWED_METHODS = getattr(
	settings,
	'XS_SHARING_ALLOWED_METHODS',
	['POST', 'GET', 'OPTIONS', 'PUT', 'DELETE']
	)

	self.XS_SHARING_ALLOWED_HEADERS = getattr(
	settings,
	'XS_SHARING_ALLOWED_HEADERS',
	['Content-Type', '*']
	)
	self.XS_SHARING_ALLOWED_CREDENTIALS = getattr(
	settings,
	'XS_SHARING_ALLOWED_CREDENTIALS',
	'true'
	)

	def process_request(self, request):
	if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
	response = http.HttpResponse()
	response['Access-Control-Allow-Origin'] = self.XS_SHARING_ALLOWED_ORIGINS
	response['Access-Control-Allow-Methods'] = ",".join(self.XS_SHARING_ALLOWED_METHODS)
	response['Access-Control-Allow-Headers'] = ",".join(self.XS_SHARING_ALLOWED_HEADERS)
	response['Access-Control-Allow-Credentials'] = self.XS_SHARING_ALLOWED_CREDENTIALS
	return response

	return None

	def process_response(self, request, response):
	response['Access-Control-Allow-Origin'] = self.XS_SHARING_ALLOWED_ORIGINS
	response['Access-Control-Allow-Methods'] = ",".join(self.XS_SHARING_ALLOWED_METHODS)
	response['Access-Control-Allow-Headers'] = ",".join(self.XS_SHARING_ALLOWED_HEADERS)
	response['Access-Control-Allow-Credentials'] = self.XS_SHARING_ALLOWED_CREDENTIALS

	return response