def test_simple(self): app = CORSMiddleware(hello_world, origin=origin([ "https://example.tld/", "http://example.tld/", "http://example.tld", ]), allowed=("Foo", "Bar"), exposed=("Spam", )) client = Client(app, Response) rv = client.get("/", headers={"ORIGIN": "https://example.tld"}) self.assertEqual(rv.headers["Access-Control-Allow-Origin"], "https://example.tld") self.assertEqual(rv.headers["Access-Control-Allow-Credentials"], "true") self.assertEqual(rv.headers["Access-Control-Allow-Methods"], "HEAD, GET, POST, PUT, DELETE") self.assertEqual(rv.headers["Access-Control-Allow-Headers"], "Foo, Bar") self.assertEqual(rv.headers["Access-Control-Expose-Headers"], "Spam") a = client.get("/", headers={"ORIGIN": "http://example.tld"}) self.assertEqual(a.headers["Access-Control-Allow-Origin"], "http://example.tld") b = client.get("/", headers={"ORIGIN": "http://example.tld"}) self.assertEqual(b.headers["Access-Control-Allow-Origin"], "http://example.tld") c = client.get("/", headers={"ORIGIN": "http://foo.other"}) self.assertEqual(c.headers["Access-Control-Allow-Origin"], "https://example.tld")
def test_simple_CORS(): app = CORSMiddleware(hello_world, origin=origin([ "https://example.tld/", "http://example.tld/", "http://example.tld", ])) client = Client(app, Response) rv = client.get("/", headers={"ORIGIN": "https://example.tld"}) assert rv.headers["Access-Control-Allow-Origin"] == "https://example.tld" assert rv.headers["Access-Control-Allow-Headers"] == "Origin, Content-Type, X-Origin" assert rv.headers["Access-Control-Allow-Credentials"] == "true" assert rv.headers["Access-Control-Allow-Methods"] == "GET, POST, PUT, DELETE" assert rv.headers["Access-Control-Expose-Headers"] == "X-Set-Cookie" a = client.get("/", headers={"ORIGIN": "http://example.tld"}) assert a.headers["Access-Control-Allow-Origin"] == "http://example.tld" b = client.get("/", headers={"ORIGIN": "http://example.tld"}) assert b.headers["Access-Control-Allow-Origin"] == "http://example.tld" c = client.get("/", headers={"ORIGIN": "http://foo.other"}) assert c.headers["Access-Control-Allow-Origin"] == "https://example.tld"
def test_preflight_CORS(): app = CORSMiddleware(hello_world, origin=origin(["http://example.tld"])) client = Client(app, Response) rv = client.open(method="OPTIONS", path="/", headers={"ORIGIN": "http://example.tld"}) assert rv.status_code == 200 for hdr in ("Origin", "Headers", "Credentials", "Methods"): assert "Access-Control-Allow-%s" % hdr in rv.headers assert rv.headers["Access-Control-Allow-Origin"] == "http://example.tld"
def test_preflight(self): app = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]), allowed=("Foo", ), exposed=("Bar", )) client = Client(app, Response) rv = client.open(method="OPTIONS", path="/", headers={"ORIGIN": "http://example.tld"}) self.assertEqual(rv.status_code, 200) for hdr in ("Origin", "Headers", "Credentials", "Methods"): self.assertIn("Access-Control-Allow-%s" % hdr, rv.headers) self.assertEqual(rv.headers["Access-Control-Allow-Origin"], "http://example.tld")
def make_app(conf=None, threading=True, multiprocessing=False, uwsgi=False): if not any((threading, multiprocessing, uwsgi)): raise RuntimeError("either set threading, multiprocessing or uwsgi") if threading: class App(Isso, ThreadedMixin): pass elif multiprocessing: class App(Isso, ProcessMixin): pass else: class App(Isso, uWSGIMixin): pass isso = App(conf) # show session-key (to see that it changes randomely if unset) logger.info("session-key = %s", isso.conf.get("general", "session-key")) # check HTTP server connection for host in conf.getiter("general", "host"): with http.curl('HEAD', host, '/', 5) as resp: if resp is not None: logger.info("connected to %s", host) break else: logger.warn("unable to connect to %s", ", ".join(conf.getiter("general", "host"))) wrapper = [local_manager.make_middleware] if isso.conf.getboolean("server", "profile"): wrapper.append(partial(ProfilerMiddleware, sort_by=("cumulative", ), restrictions=("isso/(?!lib)", 10))) wrapper.append(partial(SharedDataMiddleware, exports={ '/js': join(dirname(__file__), 'js/'), '/css': join(dirname(__file__), 'css/')})) wrapper.append(partial(wsgi.CORSMiddleware, origin=origin(isso.conf.getiter("general", "host")), allowed=("Origin", "Content-Type"), exposed=("X-Set-Cookie", "Date"))) wrapper.extend([wsgi.SubURI, ProxyFix]) return reduce(lambda x, f: f(x), wrapper, isso)
def dispatch(self, request): local.request = request local.host = wsgi.host(request.environ) local.origin = origin(self.conf.getiter("general", "host"))(request.environ) adapter = self.urls.bind_to_environ(request.environ) try: handler, values = adapter.match() except HTTPException as e: return e else: try: response = handler(request.environ, request, **values) except HTTPException as e: return e except Exception: logger.exception("%s %s", request.method, request.environ["PATH_INFO"]) return InternalServerError() else: return response
def make_app(conf=None): if uwsgi: class App(Isso, uWSGIMixin): pass elif gevent or sys.argv[0].endswith("isso"): class App(Isso, ThreadedMixin): pass else: class App(Isso, ProcessMixin): pass isso = App(conf) for host in conf.getiter("general", "host"): with http.curl('HEAD', host, '/', 5) as resp: if resp is not None: logger.info("connected to %s", host) break else: logger.warn("unable to connect to %s", ", ".join(conf.getiter("general", "host"))) wrapper = [local_manager.make_middleware] if isso.conf.getboolean("server", "profile"): wrapper.append(partial(ProfilerMiddleware, sort_by=("cumtime", ), restrictions=("isso/(?!lib)", 10))) wrapper.append(partial(SharedDataMiddleware, exports={ '/js': join(dirname(__file__), 'js/'), '/css': join(dirname(__file__), 'css/')})) wrapper.append(partial(wsgi.CORSMiddleware, origin=origin(isso.conf.getiter("general", "host")))) wrapper.extend([wsgi.SubURI, ProxyFix]) return reduce(lambda x, f: f(x), wrapper, isso)