def prepare_preflight_allowed_headers(request):
needed = get_prohibited_headers(request, {})
needed = {format_header_field(h) for h in needed}
if not is_simple_content_type(request):
needed.add("Content-Type")
if len(needed) == 0:
return {}, []
return ({
"Access-Control-Request-Headers": ",".join(needed)
}, [check_headers])
def prepare_preflight_allowed_headers(request):
needed = get_prohibited_headers(request, {})
needed = {format_header_field(h) for h in needed}
if not is_simple_content_type(request):
needed.add("Content-Type")
if len(needed) == 0:
return {}, []
return (
{"Access-Control-Request-Headers": ",".join(needed)},
[check_headers]
)
def check_headers(response, prepared_request):
"""
Assert that the requested headers are allowed.
"""
request = prepared_request
allowed = response.headers.get("Access-Control-Allow-Headers", "")
prohibited = get_prohibited_headers(request, allowed)
if len(prohibited) == 0:
return
if prohibited == set(["content-type"]) and is_simple_content_type(request):
return
raise AccessControlError(
"Headers %r not allowed for resource %r" % (prohibited, request.url),
request.url, request.method, request.headers)
def check_headers(response, prepared_request):
"""
Assert that the requested headers are allowed.
"""
request = prepared_request
allowed = response.headers.get("Access-Control-Allow-Headers", "")
prohibited = get_prohibited_headers(request, allowed)
if len(prohibited) == 0:
return
if prohibited == set(["content-type"]) and is_simple_content_type(request):
return
raise AccessControlError(
"Headers %r not allowed for resource %r" % (prohibited, request.url),
request.url,
request.method,
request.headers)
