Exemple #1
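def forbidden_view(request):
    """Drain the request body, then return the FORBIDDEN error response.

    The body is read from ``request.body_file`` in 4096-byte chunks and
    discarded. The return value is whatever
    ``error.http_error(request.response, **error.FORBIDDEN)`` produces.
    """
    # Stop on the first empty chunk. Testing truthiness instead of comparing
    # with "" also terminates on b"", which a byte-oriented body_file returns
    # at end of input; b"" never equals "" on Python 3, so the comparison
    # would loop forever there.
    # NOTE(review): the drain has no upper bound, so a client that is about to
    # be refused still decides how many bytes the server reads. Confirm that a
    # front-end or framework limit caps the request size, or cap the total
    # drained here.
    while request.body_file.read(4096):
        pass

    return error.http_error(request.response, **error.FORBIDDEN)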
Exemple #2
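def preflight_crossdomain_access_control(request):
    """Answer a CORS preflight request based on its ``Origin`` header.

    Without an ``Origin`` header the NOT_FOUND error response is returned.
    Otherwise the CORS response headers are set on ``request.response`` and
    that response is returned. ``Access-Control-Allow-Credentials`` is
    ``"true"`` only when the origin's host is in ``_acceptable_host``.
    """
    origin = request.headers.get("Origin")
    if origin is None:
        return error.http_error(request.response, **error.NOT_FOUND)

    headers = request.response.headers

    # NOTE(review): the Origin value is echoed back for every caller; only the
    # credentials flag below is gated by the allow-list. Confirm that
    # non-credentialed cross-origin reads from arbitrary origins are intended.
    # NOTE(review): the response depends on the request's Origin but no
    # "Vary: Origin" header is set here; verify that no shared cache can
    # replay one origin's answer to another.
    headers["Access-Control-Allow-Origin"] = origin
    headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE, OPTIONS"
    headers["Access-Control-Max-Age"] = tim_config["api"]["cors_ttl"]
    headers["Access-Control-Allow-Headers"] = "Content-Type"

    # Take the host from the parsed URL instead of splitting netloc on ":".
    # netloc may carry a "user:password@" prefix or a bracketed IPv6 literal,
    # and in both cases the text before the first ":" is not the host that the
    # allow-list should be compared against. ``hostname`` strips userinfo,
    # port and brackets, lower-cases the name, and is None when there is none.
    # NOTE(review): the scheme is not compared, so an http:// origin on an
    # accepted host is treated like its https:// counterpart — confirm.
    origin_domain = urlparse.urlparse(origin).hostname

    if origin_domain in _acceptable_host:
        headers["Access-Control-Allow-Credentials"] = "true"
    else:
        logging.info("Not allowing domain (%s) because (%s) not in %s", origin, origin_domain, _acceptable_host)
        # Browsers honour only the literal "true"; any other value has the
        # same effect as leaving the header out.
        headers["Access-Control-Allow-Credentials"] = "false"

    return request.response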
Exemple #3
def unauthorized_request_to_self(request):
    """Return the UNAUTHORIZED error response for this request.

    Delegates to ``error.http_error`` with ``request.response`` and the
    keyword arguments held in ``error.UNAUTHORIZED``.
    """
    response = request.response
    return error.http_error(response, **error.UNAUTHORIZED)
Exemple #4
def not_found(request):
    """Return the NOT_FOUND error response for this request.

    Delegates to ``error.http_error`` with ``request.response`` and the
    keyword arguments held in ``error.NOT_FOUND``.
    """
    response = request.response
    return error.http_error(response, **error.NOT_FOUND)