diff options
author | Bryan Newbold <bnewbold@robocracy.org> | 2019-02-22 11:30:49 -0800 |
---|---|---|
committer | Bryan Newbold <bnewbold@robocracy.org> | 2019-02-22 11:30:49 -0800 |
commit | 7ac8611d5b36007710926ba4508828642a80c13c (patch) | |
tree | c78cf4a024f0f3e56e6185adbd0b14120d4bcf28 /python | |
parent | d8d3bc16cfa0fba65bb6fdcb4003406e4d2164b5 (diff) | |
download | fatcat-7ac8611d5b36007710926ba4508828642a80c13c.tar.gz fatcat-7ac8611d5b36007710926ba4508828642a80c13c.zip |
add CORS flask helper
Diffstat (limited to 'python')
-rw-r--r-- | python/fatcat_web/__init__.py | 2 | ||||
-rw-r--r-- | python/fatcat_web/cors.py | 50 |
2 files changed, 51 insertions, 1 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py index cd7af195..1ad278ba 100644 --- a/python/fatcat_web/__init__.py +++ b/python/fatcat_web/__init__.py @@ -42,7 +42,7 @@ else: print("No privileged token found") priv_api = None -from fatcat_web import routes, auth +from fatcat_web import routes, auth, cors gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') diff --git a/python/fatcat_web/cors.py b/python/fatcat_web/cors.py new file mode 100644 index 00000000..2285cf80 --- /dev/null +++ b/python/fatcat_web/cors.py @@ -0,0 +1,50 @@ +from datetime import timedelta +from flask import make_response, request, current_app +from functools import update_wrapper + +""" +This snippet from: http://flask.pocoo.org/snippets/56/ +"Posted by Armin Ronacher on 2011-07-14" +""" + + +def crossdomain(origin=None, methods=None, headers=None, + max_age=21600, attach_to_all=True, + automatic_options=True): + if methods is not None: + methods = ', '.join(sorted(x.upper() for x in methods)) + if headers is not None and not isinstance(headers, str): + headers = ', '.join(x.upper() for x in headers) + if not isinstance(origin, str): + origin = ', '.join(origin) + if isinstance(max_age, timedelta): + max_age = max_age.total_seconds() + + def get_methods(): + if methods is not None: + return methods + + options_resp = current_app.make_default_options_response() + return options_resp.headers['allow'] + + def decorator(f): + def wrapped_function(*args, **kwargs): + if automatic_options and request.method == 'OPTIONS': + resp = current_app.make_default_options_response() + else: + resp = make_response(f(*args, **kwargs)) + if not attach_to_all and request.method != 'OPTIONS': + return resp + + h = resp.headers + + h['Access-Control-Allow-Origin'] = origin + h['Access-Control-Allow-Methods'] = get_methods() + h['Access-Control-Max-Age'] = str(max_age) + if headers is not None: + h['Access-Control-Allow-Headers'] = headers + return resp + + f.provide_automatic_options = False + return update_wrapper(wrapped_function, f) + return decorator |