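def OPTIONS(self, req):
    """
    Base handler for OPTIONS requests

    A request without an ``Origin`` header gets a plain 200 response that
    only carries ``Allow``. A request with ``Origin`` is treated as a CORS
    preflight and checked against the ``cors`` entry of the container info:
    the origin must pass ``self.is_origin_allowed`` and the requested
    method must be in ``self.allowed_methods``, otherwise the response
    status is set to HTTP_UNAUTHORIZED and no CORS headers are added.

    :param req: swob.Request object
    :returns: swob.Response object
    """
    # Prepare the default response
    headers = {'Allow': ', '.join(self.allowed_methods)}
    resp = Response(status=200, request=req, headers=headers)

    # If this isn't a CORS pre-flight request then return now
    req_origin_value = req.headers.get('Origin', None)
    if not req_origin_value:
        return resp

    # This is a CORS preflight request so check it's allowed
    try:
        container_info = \
            self.container_info(self.account_name,
                                self.container_name, req)
    except AttributeError:
        # This should only happen for requests to the Account. A future
        # change could allow CORS requests to the Account level as well.
        return resp

    cors = container_info.get('cors', {})

    # If the CORS origin isn't allowed return a 401
    if not self.is_origin_allowed(cors, req_origin_value) or (
            req.headers.get('Access-Control-Request-Method') not in
            self.allowed_methods):
        resp.status = HTTP_UNAUTHORIZED
        return resp

    # Allow all headers requested in the request. The CORS
    # specification does leave the door open for this, as mentioned in
    # http://www.w3.org/TR/cors/#resource-preflight-requests
    # Note: Since the list of headers can be unbounded
    # simply returning headers can be enough.
    # NOTE(review): these names are client-supplied and are reflected
    # without filtering; the origin/method check above is the only gate.
    allow_headers = set()
    if req.headers.get('Access-Control-Request-Headers'):
        allow_headers.update(
            list_from_csv(req.headers['Access-Control-Request-Headers']))

    # Populate the response with the CORS preflight headers.
    # The 'allow_origin' key may exist with a None value, in which case
    # the dict default is not used; fall back to '' so that .strip() is
    # never called on None and the origin is echoed instead.
    if (cors.get('allow_origin') or '').strip() == '*':
        headers['access-control-allow-origin'] = '*'
    else:
        headers['access-control-allow-origin'] = req_origin_value
    if cors.get('max_age') is not None:
        headers['access-control-max-age'] = cors.get('max_age')
    headers['access-control-allow-methods'] = \
        ', '.join(self.allowed_methods)
    if allow_headers:
        headers['access-control-allow-headers'] = ', '.join(allow_headers)
    resp.headers = headers

    return resp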
def OPTIONS(self, req):
    """
    Base handler for OPTIONS requests

    Without an ``Origin`` header the reply is a plain 200 carrying only
    ``Allow``. With ``Origin`` the request is handled as a CORS preflight:
    the origin must pass ``self.is_origin_allowed`` and the requested
    method must be listed in ``self.allowed_methods``; otherwise the
    status becomes HTTP_UNAUTHORIZED and no CORS headers are set.

    :param req: swob.Request object
    :returns: swob.Response object
    """
    # Default (non-CORS) answer: advertise the supported methods.
    headers = {'Allow': ', '.join(self.allowed_methods)}
    resp = Response(status=200, request=req, headers=headers)

    # No Origin header means this is not a preflight; nothing more to do.
    origin = req.headers.get('Origin', None)
    if not origin:
        return resp

    # Preflight: the decision is based on the container's CORS settings.
    try:
        info = self.container_info(
            self.account_name, self.container_name, req)
    except AttributeError:
        # This should only happen for requests to the Account. A future
        # change could allow CORS requests to the Account level as well.
        return resp
    cors_conf = info.get('cors', {})

    # Reject with 401 when the origin is not allowed or, failing that,
    # when the requested method is not one this controller supports.
    denied = not self.is_origin_allowed(cors_conf, origin)
    if not denied:
        wanted_method = req.headers.get('Access-Control-Request-Method')
        denied = wanted_method not in self.allowed_methods
    if denied:
        resp.status = HTTP_UNAUTHORIZED
        return resp

    # Every header the client asked for is granted. The CORS
    # specification leaves room for this, see
    # http://www.w3.org/TR/cors/#resource-preflight-requests
    # Since the list of headers can be unbounded, simply returning the
    # requested ones can be enough.
    raw_requested = req.headers.get('Access-Control-Request-Headers')
    requested = set()
    if raw_requested:
        requested.update(list_from_csv(raw_requested))

    # Fill in the preflight response; the approved origin is echoed back.
    headers['access-control-allow-origin'] = origin
    max_age = cors_conf.get('max_age')
    if max_age is not None:
        headers['access-control-max-age'] = max_age
    headers['access-control-allow-methods'] = ', '.join(
        self.allowed_methods)
    if requested:
        headers['access-control-allow-headers'] = ', '.join(requested)
    resp.headers = headers

    return resp
def OPTIONS(self, req):
    """
    Base handler for OPTIONS requests

    Without an ``Origin`` header the reply is a plain 200 carrying only
    ``Allow``. With ``Origin`` the request is handled as a CORS preflight:
    the origin must pass ``self.is_origin_allowed`` and the requested
    method must be listed in ``self.allowed_methods``; otherwise the
    status becomes HTTP_UNAUTHORIZED and no CORS headers are set. The
    allowed request headers come from the container's ``allow_headers``
    setting, with ``x-auth-token`` always included.

    :param req: swob.Request object
    :returns: swob.Response object
    """
    # Default (non-CORS) answer: advertise the supported methods.
    headers = {'Allow': ', '.join(self.allowed_methods)}
    resp = Response(status=200, request=req, headers=headers)

    # No Origin header means this is not a preflight; nothing more to do.
    origin = req.headers.get('Origin', None)
    if not origin:
        return resp

    # Preflight: the decision is based on the container's CORS settings.
    try:
        info = self.container_info(self.account_name, self.container_name)
    except AttributeError:
        # This should only happen for requests to the Account. A future
        # change could allow CORS requests to the Account level as well.
        return resp
    cors_conf = info.get('cors', {})

    # Reject with 401 when the origin is not allowed or, failing that,
    # when the requested method is not one this controller supports.
    denied = not self.is_origin_allowed(cors_conf, origin)
    if not denied:
        wanted_method = req.headers.get('Access-Control-Request-Method')
        denied = wanted_method not in self.allowed_methods
    if denied:
        resp.status = HTTP_UNAUTHORIZED
        return resp

    # Collect the space-separated header names configured on the
    # container, skipping empty pieces left by repeated spaces.
    permitted = set()
    configured = cors_conf.get('allow_headers')
    if configured:
        for piece in configured.split(' '):
            header_name = piece.strip()
            if header_name:
                permitted.add(header_name)
    # Always allow the x-auth-token header. This ensures
    # clients can always make a request to the resource.
    permitted.add('x-auth-token')

    # Fill in the preflight response; the approved origin is echoed back.
    headers['access-control-allow-origin'] = origin
    max_age = cors_conf.get('max_age')
    if max_age is not None:
        headers['access-control-max-age'] = max_age
    headers['access-control-allow-methods'] = ', '.join(
        self.allowed_methods)
    headers['access-control-allow-headers'] = ', '.join(permitted)
    resp.headers = headers

    return resp
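def OPTIONS_base(self, req):
    """
    Base handler for OPTIONS requests

    A request without an ``Origin`` header gets a plain 200 response that
    only carries ``Allow``. A request with ``Origin`` is treated as a CORS
    preflight: the origin must be listed in the container's
    space-separated ``allow_origin`` setting or in
    ``self.app.cors_allow_origin`` (a ``*`` entry in either matches any
    origin), and the requested method must be in ``self.allowed_methods``.
    Otherwise the status is set to HTTP_UNAUTHORIZED and no CORS headers
    are added.

    :param req: swob.Request object
    :returns: swob.Response object
    """
    headers = {'Allow': ', '.join(self.allowed_methods)}
    resp = Response(status=200, request=req, headers=headers)
    req_origin_value = req.headers.get('Origin', None)
    if not req_origin_value:
        # NOT a CORS request
        return resp

    # CORS preflight request
    try:
        container_info = \
            self.container_info(self.account_name, self.container_name)
    except AttributeError:
        # No container attributes to look up: continue with empty
        # container settings so only the app-wide origins apply.
        container_info = {}
    cors = container_info.get('cors', {})
    allowed_origins = set()
    if cors.get('allow_origin'):
        allowed_origins.update(cors['allow_origin'].split(' '))
    if self.app.cors_allow_origin:
        allowed_origins.update(self.app.cors_allow_origin)
    if (req_origin_value not in allowed_origins and
            '*' not in allowed_origins) or (
            req.headers.get('Access-Control-Request-Method') not in
            self.allowed_methods):
        resp.status = HTTP_UNAUTHORIZED
        return resp  # CORS preflight request that isn't valid

    headers['access-control-allow-origin'] = req_origin_value
    max_age = cors.get('max_age', None)
    if max_age is not None:
        # '%d' raises TypeError for a non-numeric value such as a string
        # (NOTE(review): max_age presumably comes from stored container
        # metadata - confirm its type). Numbers are formatted exactly as
        # before; anything else is passed through as text instead of
        # aborting the preflight with an unhandled exception.
        try:
            headers['access-control-max-age'] = '%d' % max_age
        except TypeError:
            headers['access-control-max-age'] = str(max_age)
    headers['access-control-allow-methods'] = ', '.join(
        self.allowed_methods)
    if cors.get('allow_headers'):
        headers['access-control-allow-headers'] = cors.get('allow_headers')
    resp.headers = headers
    return resp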
def OPTIONS_base(self, req):
    """
    Base handler for OPTIONS requests

    Without an ``Origin`` header the reply is a plain 200 carrying only
    ``Allow``. With ``Origin`` the request is handled as a CORS preflight:
    the origin must appear in the container's space-separated
    ``allow_origin`` setting or in ``self.app.cors_allow_origin`` (a ``*``
    entry matches any origin), and the requested method must be listed in
    ``self.allowed_methods``. Otherwise the status becomes
    HTTP_UNAUTHORIZED and no CORS headers are set.

    :param req: swob.Request object
    :returns: swob.Response object
    """
    headers = {'Allow': ', '.join(self.allowed_methods)}
    resp = Response(status=200, request=req, headers=headers)

    origin = req.headers.get('Origin', None)
    if not origin:
        # NOT a CORS request
        return resp

    # CORS preflight request
    try:
        info = self.container_info(self.account_name, self.container_name)
    except AttributeError:
        # Continue with empty container settings; only the app-wide
        # origins can match in that case.
        info = {}
    cors_conf = info.get('cors', {})

    # Union of the container-level and the app-level origin lists.
    permitted_origins = set()
    container_origins = cors_conf.get('allow_origin')
    if container_origins:
        permitted_origins.update(cors_conf['allow_origin'].split(' '))
    if self.app.cors_allow_origin:
        permitted_origins.update(self.app.cors_allow_origin)

    # The method is only looked at once the origin has been accepted.
    origin_ok = origin in permitted_origins or '*' in permitted_origins
    if origin_ok:
        wanted_method = req.headers.get('Access-Control-Request-Method')
        valid = wanted_method in self.allowed_methods
    else:
        valid = False
    if not valid:
        # CORS preflight request that isn't valid
        resp.status = HTTP_UNAUTHORIZED
        return resp

    # Valid preflight: echo the approved origin and describe the policy.
    headers['access-control-allow-origin'] = origin
    max_age = cors_conf.get('max_age')
    if max_age is not None:
        headers['access-control-max-age'] = max_age
    headers['access-control-allow-methods'] = ', '.join(
        self.allowed_methods)
    configured_headers = cors_conf.get('allow_headers')
    if configured_headers:
        headers['access-control-allow-headers'] = configured_headers
    resp.headers = headers
    return resp
try: (obj_status, objct) = get_object(storage_url, token, cont, obj) except ClientException, e: resp = Response(charset='utf8') resp.status = e.http_status return resp except err: pass resp = Response() resp.set_cookie('_token', token, path=self.page_path, max_age=self.cookie_max_age, secure=self.secure) resp.status = HTTP_OK resp.headers = obj_status resp.body = objct self.token_bank[token].update({'msg': ''}) self.memcache_update(token) return resp return HTTPFound(location=self.add_prefix(storage_url)) def page_cont_list(self, req, storage_url, token, template=None): """ """ if template is None: tmpl = self.tmpl path = urlparse(self.del_prefix(req.url)).path if len(path.split('/')) <= 2: path = urlparse(storage_url).path vrs, acc, cont, obj = split_path(path, 1, 4, True) lang = self.get_lang(req)
return self.page_obj_list(req, storage_url, token) if path_type == 4: # object try: (obj_status, objct) = get_object(storage_url, token, cont, obj) except ClientException, e: resp = Response(charset='utf8') resp.status = e.http_status return resp except err: pass resp = Response() resp.set_cookie('_token', token, path=self.page_path, max_age=self.cookie_max_age, secure=self.secure) resp.status = HTTP_OK resp.headers = obj_status resp.body = objct self.token_bank[token].update({'msg': ''}) self.memcache_update(token) return resp return HTTPFound(location=self.add_prefix(storage_url)) def page_cont_list(self, req, storage_url, token, template=None): """ """ if template is None: tmpl = self.tmpl path = urlparse(self.del_prefix(req.url)).path if len(path.split('/')) <= 2: path = urlparse(storage_url).path vrs, acc, cont, obj = split_path(path, 1, 4, True) lang = self.get_lang(req)