aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--python/fatcat_web/__init__.py2
-rw-r--r--python/fatcat_web/cors.py50
2 files changed, 51 insertions, 1 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py
index cd7af195..1ad278ba 100644
--- a/python/fatcat_web/__init__.py
+++ b/python/fatcat_web/__init__.py
@@ -42,7 +42,7 @@ else:
print("No privileged token found")
priv_api = None
-from fatcat_web import routes, auth
+from fatcat_web import routes, auth, cors
gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth)
app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab')
diff --git a/python/fatcat_web/cors.py b/python/fatcat_web/cors.py
new file mode 100644
index 00000000..2285cf80
--- /dev/null
+++ b/python/fatcat_web/cors.py
@@ -0,0 +1,50 @@
+from datetime import timedelta
+from flask import make_response, request, current_app
+from functools import update_wrapper
+
+"""
+This snippet from: http://flask.pocoo.org/snippets/56/
+"Posted by Armin Ronacher on 2011-07-14"
+"""
+
+
+def crossdomain(origin=None, methods=None, headers=None,
+ max_age=21600, attach_to_all=True,
+ automatic_options=True):
+ if methods is not None:
+ methods = ', '.join(sorted(x.upper() for x in methods))
+ if headers is not None and not isinstance(headers, str):
+ headers = ', '.join(x.upper() for x in headers)
+ if not isinstance(origin, str):
+ origin = ', '.join(origin)
+ if isinstance(max_age, timedelta):
+ max_age = max_age.total_seconds()
+
+ def get_methods():
+ if methods is not None:
+ return methods
+
+ options_resp = current_app.make_default_options_response()
+ return options_resp.headers['allow']
+
+ def decorator(f):
+ def wrapped_function(*args, **kwargs):
+ if automatic_options and request.method == 'OPTIONS':
+ resp = current_app.make_default_options_response()
+ else:
+ resp = make_response(f(*args, **kwargs))
+ if not attach_to_all and request.method != 'OPTIONS':
+ return resp
+
+ h = resp.headers
+
+ h['Access-Control-Allow-Origin'] = origin
+ h['Access-Control-Allow-Methods'] = get_methods()
+ h['Access-Control-Max-Age'] = str(max_age)
+ if headers is not None:
+ h['Access-Control-Allow-Headers'] = headers
+ return resp
+
+ f.provide_automatic_options = False
+ return update_wrapper(wrapped_function, f)
+ return decorator