def check_origin(response, prepared_request):
"""
Assert that a cross origin response allows requests from a request's origin.
"""
request = prepared_request
headers = HeadersDict(prepared_request.headers)
if is_same_origin(request):
return
origin = headers["origin"]
if response.headers.get("Access-Control-Allow-Origin") not in ("*",
origin):
raise AccessControlError(
"Origin %r not allowed for resource %r" % (origin, request.url),
request.url, request.method, request.headers)
def check_origin(response, prepared_request):
"""
Assert that a cross origin response allows requests from a request's origin.
"""
request = prepared_request
headers = HeadersDict(prepared_request.headers)
if is_same_origin(request):
return
origin = headers["origin"]
if response.headers.get("Access-Control-Allow-Origin") not in ("*", origin):
raise AccessControlError(
"Origin %r not allowed for resource %r" % (origin, request.url),
request.url,
request.method,
request.headers)
def prepare_preflight_allowed_origin(request):
if is_same_origin(request):
return {}, []
return {}, [check_origin]
def prepare_preflight_allowed_origin(request):
if is_same_origin(request):
return {}, []
return {}, [check_origin]
