diff options
Diffstat (limited to 'python')
-rw-r--r-- | python/fatcat_web/__init__.py | 2 | ||||
-rw-r--r-- | python/fatcat_web/cors.py | 50 |
2 files changed, 51 insertions, 1 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py index cd7af195..1ad278ba 100644 --- a/python/fatcat_web/__init__.py +++ b/python/fatcat_web/__init__.py @@ -42,7 +42,7 @@ else: print("No privileged token found") priv_api = None -from fatcat_web import routes, auth +from fatcat_web import routes, auth, cors gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth) app.register_blueprint(gitlab_bp, url_prefix='/auth/gitlab') diff --git a/python/fatcat_web/cors.py b/python/fatcat_web/cors.py new file mode 100644 index 00000000..2285cf80 --- /dev/null +++ b/python/fatcat_web/cors.py @@ -0,0 +1,50 @@ +from datetime import timedelta +from flask import make_response, request, current_app +from functools import update_wrapper + +""" +This snippet from: http://flask.pocoo.org/snippets/56/ +"Posted by Armin Ronacher on 2011-07-14" +""" + + +def crossdomain(origin=None, methods=None, headers=None, + max_age=21600, attach_to_all=True, + automatic_options=True): + if methods is not None: + methods = ', '.join(sorted(x.upper() for x in methods)) + if headers is not None and not isinstance(headers, str): + headers = ', '.join(x.upper() for x in headers) + if not isinstance(origin, str): + origin = ', '.join(origin) + if isinstance(max_age, timedelta): + max_age = max_age.total_seconds() + + def get_methods(): + if methods is not None: + return methods + + options_resp = current_app.make_default_options_response() + return options_resp.headers['allow'] + + def decorator(f): + def wrapped_function(*args, **kwargs): + if automatic_options and request.method == 'OPTIONS': + resp = current_app.make_default_options_response() + else: + resp = make_response(f(*args, **kwargs)) + if not attach_to_all and request.method != 'OPTIONS': + return resp + + h = resp.headers + + h['Access-Control-Allow-Origin'] = origin + h['Access-Control-Allow-Methods'] = get_methods() + h['Access-Control-Max-Age'] = str(max_age) + if headers is not None: + h['Access-Control-Allow-Headers'] = headers + return resp + + f.provide_automatic_options = False + return update_wrapper(wrapped_function, f) + return decorator |