def render(self):
"""
Renders the requested resource returned from the self.process() method.
"""
# check for logout
if self.path == '/manage/logout':
self.authenticate()
return
# traverse the resource tree
try:
result = getChildForRequest(self.env.tree, self)
except SeisHubError, e:
self.setResponseCode(e.code, e.message)
self.env.log.http(e.code, e.message)
self.write('')
self.finish()
return
def render(self):
"""
Renders the requested resource returned from the self.process() method.
"""
# traverse the resource tree
child = getChildForRequest(self.env.tree, self)
# check result and either render direct or in thread
if IFileSystemResource.providedBy(child):
# render direct
return child.render(self)
elif IStatical.providedBy(child):
# render direct
return child.render(self)
elif IScriptResource.providedBy(child):
msg = "Script resources may not be called via SFTP."
raise ForbiddenError(msg)
elif IRESTResource.providedBy(child):
return child.render(self)
elif IResource.providedBy(child):
return child.render(self)
msg = "I don't know how to handle this resource type %s"
raise InternalServerError(msg % type(child))
def render(self):
"""
Renders the requested resource returned from the self.process() method.
"""
# Set the access control header to allow cross origin XMLHttpRequests
# for all resources.
self.setHeader("Access-Control-Allow-Origin", "*")
# Modern browsers adhere to the same origin policy. This can be
# circumvented to a certain degree by correctly responding to
# XMLHttpRequest OPTIONS requests. All AJAX requests from other domains
# will be allowed. The goal is to be as permissive as possible
if self.method == "OPTIONS":
# Shortcut name
h_name = "access-control-request-headers"
if self.requestHeaders.hasHeader(h_name) and \
"x-requested-with" in \
self.requestHeaders.getRawHeaders(h_name)[0].lower():
# Set correct headers, response code, and return.
self.setResponseCode(200, "Cross site access granted.")
self.setHeader("Access-Control-Allow-Headers",
"X-Requested-With, X-File-Size, X-File-Name, X-File-Type, "
"X-Requested-With, Authorization, "
"authorization, content-type")
self.setHeader("Access-Control-Allow-Methods", "POST, PUT, "
"GET, DELETE, OPTIONS")
self.setHeader("Access-Control-Max-Age", "60")
self.write('')
self.finish()
return
# Handle 'multipart/form-data' content types.
# See http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2
if self.requestHeaders.hasHeader("content-type") and \
self.requestHeaders.getRawHeaders("content-type")[0].startswith(
"multipart/form-data; boundary="):
boundary = self.requestHeaders.getRawHeaders("content-type")[0]\
.split("boundary=")[1]
# The actual boundary is prepended with "--"
boundary = "--" + boundary
split_data = self.data.split(boundary)
split_data = [_i for _i in split_data if _i]
_, _, content, _ = split_data[:4]
# The content can be prepended by Content-Disposition,
# Content-Type, or Content-Transfer-Encoding headers. Remove
# these.
content = content.strip().split("\n")
for _i, line in enumerate(content):
if line and line.startswith("Content-"):
continue
self.data = "\n".join(content[_i:]).strip()
break
# check for logout
if self.path == '/manage/logout':
self.authenticate()
return
# traverse the resource tree
try:
result = getChildForRequest(self.env.tree, self)
except SeisHubError, e:
self.setResponseCode(e.code, e.message)
self.env.log.http(e.code, e.message)
self.write('')
self.finish()
return
