def create_api(global_config, **settings):
    """Build the API's WSGI application and wrap it in the CORS middleware.

    Settings are resolved through ``get_settings``, then authentication,
    authorization, the root factory, the JSON renderer, one subscriber, one
    tween and the API packages are registered on a fresh ``Configurator``.
    The queue packages are included only when the ``queue`` feature is on.
    """
    resolved = get_settings(global_config, **settings)
    config = Configurator(settings=resolved)

    config.set_authentication_policy(remote_authn)
    config.set_authorization_policy(acl_authz)
    config.set_root_factory('h.api.resources.create_root')

    config.add_renderer('json', JSON(indent=4))
    config.add_subscriber('h.api.subscribers.set_user_from_oauth',
                          'pyramid.events.ContextFound')
    config.add_tween('h.api.tweens.auth_token')

    # Same packages, same order as before; only the spelling is a loop.
    for package in ('h.features', 'h.auth', 'h.api.db', 'h.api.views'):
        config.include(package)

    if config.registry.feature('queue'):
        for package in ('h.queue', 'h.api.queue'):
            config.include(package)

    # Cross-origin callers may send the two token-bearing headers below.
    # NOTE(review): allow_credentials and the allowed origins are left at
    # permit_cors's defaults, which are not visible here -- confirm that
    # credentialed (cookie) requests stay disabled for this app.
    cors_headers = ('Authorization', 'X-Annotator-Auth-Token')
    cors_methods = ('HEAD', 'GET', 'POST', 'PUT', 'DELETE')
    return permit_cors(config.make_wsgi_app(),
                       allow_headers=cors_headers,
                       allow_methods=cors_methods)
def create_app(global_config, **settings):
    """Assemble the main WSGI application and wrap it in the CORS middleware.

    Registers the root factory, two event subscribers and two tweens, pulls
    in this module's own ``includeme`` via ``config.include(__name__)``, and
    returns the resulting app behind ``permit_cors``.
    """
    resolved = get_settings(global_config, **settings)
    config = Configurator(settings=resolved)
    config.set_root_factory('h.resources.create_root')

    config.add_subscriber('h.subscribers.add_renderer_globals',
                          'pyramid.events.BeforeRender')
    config.add_subscriber('h.subscribers.set_user_from_oauth',
                          'pyramid.events.NewRequest')

    # Tween registration order is kept exactly as before.
    config.add_tween('h.tweens.csrf_tween_factory')
    config.add_tween('h.tweens.auth_token')

    config.include(__name__)

    # NOTE(review): this app carries a CSRF tween and also accepts
    # cross-origin requests; allow_credentials and the allowed origins are
    # left at permit_cors's defaults (not visible here) -- confirm they do
    # not permit credentialed cross-origin requests.
    cors_headers = (
        'Authorization',
        'Content-Type',
        'X-Annotator-Auth-Token',
        'X-Client-Id',
    )
    cors_methods = ('HEAD', 'GET', 'POST', 'PUT', 'DELETE')
    return permit_cors(config.make_wsgi_app(),
                       allow_headers=cors_headers,
                       allow_methods=cors_methods)
def create_api(global_config, **settings):
    """Return the API WSGI app, configured and wrapped with CORS handling.

    The configurator gets the authentication and authorization policies, the
    API root factory, a JSON renderer, one subscriber and one tween, followed
    by the API packages. The queue packages are added only when the ``queue``
    feature is reported as enabled by the registry.
    """
    effective_settings = get_settings(global_config, **settings)
    config = Configurator(settings=effective_settings)

    config.set_authentication_policy(remote_authn)
    config.set_authorization_policy(acl_authz)
    config.set_root_factory("h.api.resources.create_root")
    config.add_renderer("json", JSON(indent=4))
    config.add_subscriber(
        "h.api.subscribers.set_user_from_oauth",
        "pyramid.events.ContextFound",
    )
    config.add_tween("h.api.tweens.auth_token")

    always_included = ["h.features", "h.auth", "h.api.db", "h.api.views"]
    queue_only = ["h.queue", "h.api.queue"]

    for dotted_name in always_included:
        config.include(dotted_name)
    if config.registry.feature("queue"):
        for dotted_name in queue_only:
            config.include(dotted_name)

    wsgi_app = config.make_wsgi_app()

    # Only the token-bearing request headers are allowed cross-origin.
    # NOTE(review): allow_credentials is not passed; permit_cors's default is
    # not visible here -- confirm it leaves credentialed requests disabled.
    return permit_cors(
        wsgi_app,
        allow_headers=("Authorization", "X-Annotator-Auth-Token"),
        allow_methods=("HEAD", "GET", "POST", "PUT", "DELETE"),
    )
def test_permit_cors_sets_allow_methods_OPTIONS_for_preflight(headers):
    """With no allow_methods given, a preflight advertises only OPTIONS."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp)

    response = preflight.get_response(cors_app)

    # Pins the restrictive default: no method is allowed unless configured.
    advertised = response.headers['Access-Control-Allow-Methods']
    assert advertised == 'OPTIONS'
def test_permit_cors_returns_empty_body_for_preflight(headers):
    """A preflight is answered with an empty body, not the wrapped app's."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp)

    response = preflight.get_response(cors_app)

    assert response.body == ''
def test_permit_cors_sets_allow_origin_for_preflight(headers):
    """A preflight response names a specific origin in Allow-Origin."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp)

    response = preflight.get_response(cors_app)

    # NOTE(review): presumably this is the Origin supplied by the `headers`
    # fixture (not visible here), i.e. the request's origin is echoed back.
    # If so, origins are not checked against an allow-list by default --
    # confirm that is intended wherever credentials are enabled.
    allowed_origin = response.headers['Access-Control-Allow-Origin']
    assert allowed_origin == 'http://example.com'
def test_permit_cors_adds_allow_origin_header_for_non_preflight():
    """An ordinary request gets a wildcard Access-Control-Allow-Origin."""
    plain_request = Request.blank('/')
    cors_app = permit_cors(wsgi_testapp)

    response = plain_request.get_response(cors_app)

    # '*' lets any origin read the response; browsers do not honour the
    # wildcard on credentialed requests.
    allowed_origin = response.headers['Access-Control-Allow-Origin']
    assert allowed_origin == '*'
def test_permit_cors_sets_max_age_for_preflight_when_set(headers):
    """A configured max_age is emitted as a string in Access-Control-Max-Age."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp, max_age=42)

    response = preflight.get_response(cors_app)

    max_age_header = response.headers['Access-Control-Max-Age']
    assert max_age_header == '42'
def test_permit_cors_sets_allow_credentials_for_preflight_when_set(headers):
    """allow_credentials=True yields Access-Control-Allow-Credentials: true."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp, allow_credentials=True)

    response = preflight.get_response(cors_app)

    # NOTE(review): this test does not check Access-Control-Allow-Origin.
    # Credentials combined with an unrestricted or echoed origin would expose
    # authenticated responses to any site -- confirm how permit_cors limits
    # origins when this option is on.
    credentials_header = response.headers['Access-Control-Allow-Credentials']
    assert credentials_header == 'true'
def test_permit_cors_400s_for_preflight_without_reqmethod(headers):
    """An OPTIONS request lacking Access-Control-Request-Method gets a 400."""
    # Drop the header before the request is built so it is never sent.
    del headers['Access-Control-Request-Method']
    malformed_preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp)

    response = malformed_preflight.get_response(cors_app)

    assert response.status_code == 400
def test_permit_cors_passes_through_non_preflight():
    """A non-preflight request reaches the wrapped app unchanged."""
    plain_request = Request.blank('/')
    cors_app = permit_cors(wsgi_testapp)

    response = plain_request.get_response(cors_app)

    # Body and status are expected to be the wrapped test app's own.
    assert response.body == 'OK'
    assert response.status_code == 200
def test_permit_cors_sets_expose_headers_for_preflight_when_set(headers):
    """Configured expose_headers appear in Access-Control-Expose-Headers."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp, expose_headers=('Foo', 'X-Bar'))

    response = preflight.get_response(cors_app)

    # Sorted before comparing, so the header's ordering is not pinned.
    raw_header = response.headers['Access-Control-Expose-Headers']
    exposed = sorted(raw_header.split(', '))
    assert exposed == ['Foo', 'X-Bar']
def test_permit_cors_sets_allow_methods_for_preflight(headers):
    """Configured allow_methods are advertised together with OPTIONS."""
    preflight = Request.blank('/', method='OPTIONS', headers=headers)
    cors_app = permit_cors(wsgi_testapp, allow_methods=('PUT', 'DELETE'))

    response = preflight.get_response(cors_app)

    # Sorted before comparing, so the header's ordering is not pinned.
    raw_header = response.headers['Access-Control-Allow-Methods']
    advertised = sorted(raw_header.split(', '))
    assert advertised == ['DELETE', 'OPTIONS', 'PUT']
def create_app(global_config, **settings):
    """Return the main WSGI app, configured and wrapped with CORS handling.

    Sets the root factory, subscribes to ``BeforeRender`` and ``NewRequest``,
    registers the CSRF and auth-token tweens, includes this module itself and
    finally passes the built app through ``permit_cors``.
    """
    effective_settings = get_settings(global_config, **settings)
    config = Configurator(settings=effective_settings)
    config.set_root_factory("h.resources.create_root")

    subscriptions = (
        ("h.subscribers.add_renderer_globals", "pyramid.events.BeforeRender"),
        ("h.subscribers.set_user_from_oauth", "pyramid.events.NewRequest"),
    )
    for subscriber, event in subscriptions:
        config.add_subscriber(subscriber, event)

    # Tweens are added in the original order: CSRF first, then auth token.
    for tween in ("h.tweens.csrf_tween_factory", "h.tweens.auth_token"):
        config.add_tween(tween)

    config.include(__name__)
    wsgi_app = config.make_wsgi_app()

    # NOTE(review): allow_credentials and the allowed origins are left at
    # permit_cors's defaults (not visible here) -- confirm they do not permit
    # credentialed cross-origin requests to an app that relies on CSRF checks.
    return permit_cors(
        wsgi_app,
        allow_headers=(
            "Authorization",
            "Content-Type",
            "X-Annotator-Auth-Token",
            "X-Client-Id",
        ),
        allow_methods=("HEAD", "GET", "POST", "PUT", "DELETE"),
    )