def prepare_preflight(request):
"""
Generate a preflight request and followup checks.
"""
headers = {}
checks = []
if request.method == "OPTIONS":
return None, []
for prep in (prepare_preflight_allowed_origin,
prepare_preflight_allowed_headers,
prepare_preflight_allowed_methods):
required_headers, required_checks = prep(request)
headers.update(required_headers)
checks.extend(required_checks)
# It is possible to have only one check (origin) which necessitates sending
# a preflight request even though it won't include any CORS request headers.
if len(headers) == 0 and len(checks) == 0:
return None, []
request_headers = HeadersDict(request.headers)
headers["Host"] = request_headers.get("host", "")
preflight = Request("OPTIONS", request.url, headers)
return preflight, checks
def prepare_preflight(request):
"""
Generate a preflight request and followup checks.
"""
headers = {}
checks = []
if request.method == "OPTIONS":
return None, []
for prep in (
prepare_preflight_allowed_origin,
prepare_preflight_allowed_headers,
prepare_preflight_allowed_methods):
required_headers, required_checks = prep(request)
headers.update(required_headers)
checks.extend(required_checks)
# It is possible to have only one check (origin) which necessitates sending
# a preflight request even though it won't include any CORS request headers.
if len(headers) == 0 and len(checks) == 0:
return None, []
request_headers = HeadersDict(request.headers)
headers["Host"] = request_headers.get("host", "")
preflight = Request(
"OPTIONS",
request.url,
headers)
return preflight, checks
def check_origin(response, prepared_request):
"""
Assert that a cross origin response allows requests from a request's origin.
"""
request = prepared_request
headers = HeadersDict(prepared_request.headers)
if is_same_origin(request):
return
origin = headers["origin"]
if response.headers.get("Access-Control-Allow-Origin") not in ("*",
origin):
raise AccessControlError(
"Origin %r not allowed for resource %r" % (origin, request.url),
request.url, request.method, request.headers)
def _request(url="http://example.com",
method="GET",
headers=None,
origin="http://example.com",
**kwargs):
request = mock.MagicMock(name="mock_request")
request._response = mock.MagicMock()
request.kwargs = {"_response": request._response}
request.kwargs.update(kwargs)
request.url = url
request.method = method
request.headers = HeadersDict(headers or {})
request.prepare = lambda: request
if "origin" not in request.headers:
request.headers["origin"] = origin
return request
def _response(request=None, headers=None):
response = mock.MagicMock()
response.request = request or _request()
response.headers = HeadersDict(headers or {})
return response