Beispiel #1
0
        def custom_start_response(status, headers, exc_info=None):
            headers = ResponseHeaders(headers)

            origin = request.headers.get("Origin")
            origins = OrderedSet(cfg.CONF.api.allow_origin)

            # Build a list of the default allowed origins
            public_api_url = cfg.CONF.auth.api_url

            # Default gulp development server WebUI URL
            origins.add("http://127.0.0.1:3000")

            # By default WebUI simple http server listens on 8080
            origins.add("http://localhost:8080")
            origins.add("http://127.0.0.1:8080")

            if public_api_url:
                # Public API URL
                origins.add(public_api_url)

            origins = list(origins)

            if origin:
                if "*" in origins:
                    origin_allowed = origin
                else:
                    # See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
                    origin_allowed = origin if origin in origins else list(
                        origins)[0]
            else:
                origin_allowed = list(origins)[0]

            methods_allowed = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
            request_headers_allowed = [
                "Content-Type",
                "Authorization",
                HEADER_ATTRIBUTE_NAME,
                HEADER_API_KEY_ATTRIBUTE_NAME,
                REQUEST_ID_HEADER,
            ]
            response_headers_allowed = [
                "Content-Type",
                "X-Limit",
                "X-Total-Count",
                REQUEST_ID_HEADER,
            ]

            headers["Access-Control-Allow-Origin"] = origin_allowed
            headers["Access-Control-Allow-Methods"] = ",".join(methods_allowed)
            headers["Access-Control-Allow-Headers"] = ",".join(
                request_headers_allowed)
            headers["Access-Control-Allow-Credentials"] = "true"
            headers["Access-Control-Expose-Headers"] = ",".join(
                response_headers_allowed)

            return start_response(status, headers._items, exc_info)
Beispiel #2
0
        def custom_start_response(status, headers, exc_info=None):
            headers = ResponseHeaders(headers)

            origin = request.headers.get('Origin')
            origins = OrderedSet(cfg.CONF.api.allow_origin)

            # Build a list of the default allowed origins
            public_api_url = cfg.CONF.auth.api_url

            # Default gulp development server WebUI URL
            origins.add('http://127.0.0.1:3000')

            # By default WebUI simple http server listens on 8080
            origins.add('http://localhost:8080')
            origins.add('http://127.0.0.1:8080')

            if public_api_url:
                # Public API URL
                origins.add(public_api_url)

            origins = list(origins)

            if origin:
                if '*' in origins:
                    origin_allowed = origin
                else:
                    # See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
                    origin_allowed = origin if origin in origins else list(
                        origins)[0]
            else:
                origin_allowed = list(origins)[0]

            methods_allowed = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
            request_headers_allowed = [
                'Content-Type', 'Authorization', HEADER_ATTRIBUTE_NAME,
                HEADER_API_KEY_ATTRIBUTE_NAME, REQUEST_ID_HEADER
            ]
            response_headers_allowed = [
                'Content-Type', 'X-Limit', 'X-Total-Count', REQUEST_ID_HEADER
            ]

            headers['Access-Control-Allow-Origin'] = origin_allowed
            headers['Access-Control-Allow-Methods'] = ','.join(methods_allowed)
            headers['Access-Control-Allow-Headers'] = ','.join(
                request_headers_allowed)
            headers['Access-Control-Allow-Credentials'] = 'true'
            headers['Access-Control-Expose-Headers'] = ','.join(
                response_headers_allowed)

            return start_response(status, headers._items, exc_info)
Beispiel #3
0
        def custom_start_response(status, headers, exc_info=None):
            headers = ResponseHeaders(headers)

            origin = request.headers.get('Origin')
            origins = OrderedSet(cfg.CONF.api.allow_origin)

            # Build a list of the default allowed origins
            public_api_url = cfg.CONF.auth.api_url

            # Default gulp development server WebUI URL
            origins.add('http://127.0.0.1:3000')

            # By default WebUI simple http server listens on 8080
            origins.add('http://localhost:8080')
            origins.add('http://127.0.0.1:8080')

            if public_api_url:
                # Public API URL
                origins.add(public_api_url)

            origins = list(origins)

            if origin:
                if '*' in origins:
                    origin_allowed = origin
                else:
                    # See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
                    origin_allowed = origin if origin in origins else list(origins)[0]
            else:
                origin_allowed = list(origins)[0]

            methods_allowed = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
            request_headers_allowed = ['Content-Type', 'Authorization', HEADER_ATTRIBUTE_NAME,
                                       HEADER_API_KEY_ATTRIBUTE_NAME, REQUEST_ID_HEADER]
            response_headers_allowed = ['Content-Type', 'X-Limit', 'X-Total-Count',
                                        REQUEST_ID_HEADER]

            headers['Access-Control-Allow-Origin'] = origin_allowed
            headers['Access-Control-Allow-Methods'] = ','.join(methods_allowed)
            headers['Access-Control-Allow-Headers'] = ','.join(request_headers_allowed)
            headers['Access-Control-Allow-Credentials'] = 'true'
            headers['Access-Control-Expose-Headers'] = ','.join(response_headers_allowed)

            return start_response(status, headers._items, exc_info)