def prepare_preflight_allowed_headers(request): needed = get_prohibited_headers(request, {}) needed = {format_header_field(h) for h in needed} if not is_simple_content_type(request): needed.add("Content-Type") if len(needed) == 0: return {}, [] return ({ "Access-Control-Request-Headers": ",".join(needed) }, [check_headers])
def prepare_preflight_allowed_headers(request): needed = get_prohibited_headers(request, {}) needed = {format_header_field(h) for h in needed} if not is_simple_content_type(request): needed.add("Content-Type") if len(needed) == 0: return {}, [] return ( {"Access-Control-Request-Headers": ",".join(needed)}, [check_headers] )
def check_headers(response, prepared_request): """ Assert that the requested headers are allowed. """ request = prepared_request allowed = response.headers.get("Access-Control-Allow-Headers", "") prohibited = get_prohibited_headers(request, allowed) if len(prohibited) == 0: return if prohibited == set(["content-type"]) and is_simple_content_type(request): return raise AccessControlError( "Headers %r not allowed for resource %r" % (prohibited, request.url), request.url, request.method, request.headers)