Exemple #1
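    def OPTIONS(self, req):
        """
        Base handler for OPTIONS requests, including CORS preflight.

        A request without an ``Origin`` header gets a plain 200 response
        carrying only the ``Allow`` header. A request with ``Origin`` is
        treated as a CORS preflight: the origin is checked with
        ``self.is_origin_allowed`` against the container's ``cors`` settings
        and the requested method is checked against ``self.allowed_methods``.
        If either check fails the response status is HTTP_UNAUTHORIZED and no
        CORS headers are added.

        :param req: swob.Request object
        :returns: swob.Response object
        """
        # Prepare the default response
        headers = {'Allow': ', '.join(self.allowed_methods)}
        resp = Response(status=200, request=req, headers=headers)

        # If this isn't a CORS pre-flight request then return now
        req_origin_value = req.headers.get('Origin', None)
        if not req_origin_value:
            return resp

        # This is a CORS preflight request so check it's allowed
        try:
            container_info = \
                self.container_info(self.account_name,
                                    self.container_name, req)
        except AttributeError:
            # This should only happen for requests to the Account. A future
            # change could allow CORS requests to the Account level as well.
            return resp

        cors = container_info.get('cors', {})

        # If the CORS origin isn't allowed return a 401. The method check is
        # only reached once the origin has been accepted.
        if not self.is_origin_allowed(cors, req_origin_value) or (
                req.headers.get('Access-Control-Request-Method') not in
                self.allowed_methods):
            resp.status = HTTP_UNAUTHORIZED
            return resp

        # Allow all headers requested in the request. The CORS
        # specification does leave the door open for this, as mentioned in
        # http://www.w3.org/TR/cors/#resource-preflight-requests
        # Note: Since the list of headers can be unbounded
        # simply returning headers can be enough.
        # NOTE(review): the header names come straight from the client and
        # are not compared with any configured list; confirm that is the
        # intended policy for this deployment.
        allow_headers = set()
        if req.headers.get('Access-Control-Request-Headers'):
            allow_headers.update(
                list_from_csv(req.headers['Access-Control-Request-Headers']))

        # Populate the response with the CORS preflight headers.
        # 'allow_origin' may be present with a None value (the max_age check
        # below allows for the same), and None has no .strip(); treat it the
        # same as "not configured" instead of raising AttributeError.
        if (cors.get('allow_origin') or '').strip() == '*':
            headers['access-control-allow-origin'] = '*'
        else:
            # NOTE(review): the request's Origin is echoed here; anything
            # that caches this response would need 'Vary: Origin' -- confirm
            # whether that is added elsewhere.
            headers['access-control-allow-origin'] = req_origin_value
        if cors.get('max_age') is not None:
            headers['access-control-max-age'] = cors.get('max_age')
        headers['access-control-allow-methods'] = \
            ', '.join(self.allowed_methods)
        if allow_headers:
            # Sorted so the header value does not depend on set ordering.
            headers['access-control-allow-headers'] = \
                ', '.join(sorted(allow_headers))
        resp.headers = headers

        return resp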
Exemple #2
    def OPTIONS(self, req):
        """
        Answer an OPTIONS request, acting as the CORS preflight handler when
        the request carries an ``Origin`` header.

        :param req: swob.Request object
        :returns: swob.Response object; status 200, or HTTP_UNAUTHORIZED when
                  the preflight's origin or requested method is rejected
        """
        headers = {'Allow': ', '.join(self.allowed_methods)}
        resp = Response(status=200, request=req, headers=headers)

        # Without an Origin header this is a plain OPTIONS request.
        origin = req.headers.get('Origin', None)
        if not origin:
            return resp

        # From here on the request is handled as a CORS preflight.
        try:
            info = self.container_info(
                self.account_name, self.container_name, req)
        except AttributeError:
            # This should only happen for requests to the Account. A future
            # change could allow CORS requests to the Account level as well.
            return resp
        cors = info.get('cors', {})

        # Origin first, then method: a rejected origin ends the request
        # before the requested method is even looked at.
        if not self.is_origin_allowed(cors, origin):
            resp.status = HTTP_UNAUTHORIZED
            return resp
        wanted_method = req.headers.get('Access-Control-Request-Method')
        if wanted_method not in self.allowed_methods:
            resp.status = HTTP_UNAUTHORIZED
            return resp

        # Every header the client asks for is granted. The CORS
        # specification leaves room for this, see
        # http://www.w3.org/TR/cors/#resource-preflight-requests
        # Since the list of headers can be unbounded, simply returning the
        # requested ones can be enough.
        # NOTE(review): the names are client-supplied and are not checked
        # against any configured list; confirm that policy is intended.
        allow_headers = set()
        raw_requested = req.headers.get('Access-Control-Request-Headers')
        if raw_requested:
            allow_headers.update(list_from_csv(raw_requested))

        # Fill in the preflight answer. The accepted Origin is always echoed
        # back, never replaced by '*'.
        headers['access-control-allow-origin'] = origin
        max_age = cors.get('max_age')
        if max_age is not None:
            headers['access-control-max-age'] = max_age
        headers['access-control-allow-methods'] = ', '.join(
            self.allowed_methods)
        if allow_headers:
            headers['access-control-allow-headers'] = ', '.join(allow_headers)
        resp.headers = headers

        return resp
Exemple #3
    def OPTIONS(self, req):
        """
        Answer an OPTIONS request, acting as the CORS preflight handler when
        the request carries an ``Origin`` header.

        The allowed request headers come from the container's ``cors``
        settings (space separated), with ``x-auth-token`` always added.

        :param req: swob.Request object
        :returns: swob.Response object; status 200, or HTTP_UNAUTHORIZED when
                  the preflight's origin or requested method is rejected
        """
        headers = {'Allow': ', '.join(self.allowed_methods)}
        resp = Response(status=200, request=req, headers=headers)

        # Without an Origin header this is a plain OPTIONS request.
        origin = req.headers.get('Origin', None)
        if not origin:
            return resp

        # From here on the request is handled as a CORS preflight.
        try:
            info = self.container_info(self.account_name, self.container_name)
        except AttributeError:
            # This should only happen for requests to the Account. A future
            # change could allow CORS requests to the Account level as well.
            return resp
        cors = info.get('cors', {})

        # Origin first, then method: a rejected origin ends the request
        # before the requested method is looked at.
        if not self.is_origin_allowed(cors, origin):
            resp.status = HTTP_UNAUTHORIZED
            return resp
        wanted_method = req.headers.get('Access-Control-Request-Method')
        if wanted_method not in self.allowed_methods:
            resp.status = HTTP_UNAUTHORIZED
            return resp

        # Collect the configured header names, dropping empty pieces left by
        # repeated spaces. x-auth-token is always allowed so that clients can
        # always make a request to the resource.
        allow_headers = set()
        configured = cors.get('allow_headers')
        if configured:
            for piece in configured.split(' '):
                name = piece.strip()
                if name:
                    allow_headers.add(name)
        allow_headers.add('x-auth-token')

        # Fill in the preflight answer. The accepted Origin is always echoed
        # back, never replaced by '*'.
        headers['access-control-allow-origin'] = origin
        max_age = cors.get('max_age')
        if max_age is not None:
            headers['access-control-max-age'] = max_age
        headers['access-control-allow-methods'] = ', '.join(
            self.allowed_methods)
        headers['access-control-allow-headers'] = ', '.join(allow_headers)
        resp.headers = headers

        return resp
Exemple #4
    def OPTIONS_base(self, req):
        """
        Base handler for OPTIONS requests, including CORS preflight.

        The set of acceptable origins is the union of the container's
        space-separated ``allow_origin`` setting and the application-wide
        ``self.app.cors_allow_origin``; a ``*`` entry in either accepts any
        origin.

        :param req: swob.Request object
        :returns: swob.Response object; status 200, or HTTP_UNAUTHORIZED when
                  the preflight's origin or requested method is rejected
        """
        headers = {'Allow': ', '.join(self.allowed_methods)}
        resp = Response(status=200, request=req, headers=headers)

        origin = req.headers.get('Origin', None)
        if not origin:
            # No Origin header: not a CORS request.
            return resp

        # CORS preflight request. When the container lookup raises
        # AttributeError only the application-wide origins apply.
        try:
            info = self.container_info(self.account_name, self.container_name)
        except AttributeError:
            info = {}
        cors = info.get('cors', {})

        allowed_origins = set()
        container_origins = cors.get('allow_origin')
        if container_origins:
            allowed_origins.update(container_origins.split(' '))
        app_origins = self.app.cors_allow_origin
        if app_origins:
            allowed_origins.update(app_origins)

        # Origin first, then method: a rejected origin ends the request
        # before the requested method is looked at.
        if not (origin in allowed_origins or '*' in allowed_origins):
            resp.status = HTTP_UNAUTHORIZED
            return resp  # CORS preflight request that isn't valid
        wanted_method = req.headers.get('Access-Control-Request-Method')
        if wanted_method not in self.allowed_methods:
            resp.status = HTTP_UNAUTHORIZED
            return resp  # CORS preflight request that isn't valid

        # The accepted Origin is echoed back even when it matched via '*'.
        headers['access-control-allow-origin'] = origin
        max_age = cors.get('max_age', None)
        if max_age is not None:
            # NOTE(review): '%d' needs a numeric value; confirm max_age is
            # never stored as a string.
            headers['access-control-max-age'] = '%d' % max_age
        headers['access-control-allow-methods'] = ', '.join(
            self.allowed_methods)
        configured_headers = cors.get('allow_headers')
        if configured_headers:
            headers['access-control-allow-headers'] = configured_headers
        resp.headers = headers
        return resp
Exemple #5
    def OPTIONS_base(self, req):
        """
        Base handler for OPTIONS requests, including CORS preflight.

        Acceptable origins are taken from the container's space-separated
        ``allow_origin`` setting together with ``self.app.cors_allow_origin``;
        a ``*`` entry in either accepts any origin.

        :param req: swob.Request object
        :returns: swob.Response object; status 200, or HTTP_UNAUTHORIZED when
                  the preflight's origin or requested method is rejected
        """
        headers = {'Allow': ', '.join(self.allowed_methods)}
        resp = Response(status=200, request=req, headers=headers)

        origin = req.headers.get('Origin', None)
        if not origin:
            # No Origin header: not a CORS request.
            return resp

        # CORS preflight request. When the container lookup raises
        # AttributeError only the application-wide origins apply.
        try:
            info = self.container_info(self.account_name, self.container_name)
        except AttributeError:
            info = {}
        cors = info.get('cors', {})

        allowed_origins = set()
        container_origins = cors.get('allow_origin')
        if container_origins:
            allowed_origins.update(container_origins.split(' '))
        app_origins = self.app.cors_allow_origin
        if app_origins:
            allowed_origins.update(app_origins)

        # Valid only when the origin is listed (or '*' is) AND the requested
        # method is one this controller allows. The method is not looked at
        # when the origin has already failed.
        if not ((origin in allowed_origins or '*' in allowed_origins)
                and req.headers.get('Access-Control-Request-Method')
                in self.allowed_methods):
            resp.status = HTTP_UNAUTHORIZED
            return resp  # CORS preflight request that isn't valid

        # The accepted Origin is echoed back even when it matched via '*'.
        headers['access-control-allow-origin'] = origin
        max_age = cors.get('max_age')
        if max_age is not None:
            headers['access-control-max-age'] = max_age
        headers['access-control-allow-methods'] = ', '.join(
            self.allowed_methods)
        configured_headers = cors.get('allow_headers')
        if configured_headers:
            headers['access-control-allow-headers'] = configured_headers
        resp.headers = headers
        return resp
Exemple #6
            try:
                (obj_status, objct) = get_object(storage_url, token, cont, obj)
            except ClientException, e:
                resp = Response(charset='utf8')
                resp.status = e.http_status
                return resp
            except err:
                pass
            resp = Response()
            resp.set_cookie('_token',
                            token,
                            path=self.page_path,
                            max_age=self.cookie_max_age,
                            secure=self.secure)
            resp.status = HTTP_OK
            resp.headers = obj_status
            resp.body = objct
            self.token_bank[token].update({'msg': ''})
            self.memcache_update(token)
            return resp
        return HTTPFound(location=self.add_prefix(storage_url))

    def page_cont_list(self, req, storage_url, token, template=None):
        """ """
        if template is None:
            tmpl = self.tmpl
        path = urlparse(self.del_prefix(req.url)).path
        if len(path.split('/')) <= 2:
            path = urlparse(storage_url).path
        vrs, acc, cont, obj = split_path(path, 1, 4, True)
        lang = self.get_lang(req)
Exemple #7
            return self.page_obj_list(req, storage_url, token)
        if path_type == 4:  # object
            try:
                (obj_status, objct) = get_object(storage_url, token, cont, obj)
            except ClientException, e:
                resp = Response(charset='utf8')
                resp.status = e.http_status
                return resp
            except err:
                pass
            resp = Response()
            resp.set_cookie('_token', token, path=self.page_path,
                            max_age=self.cookie_max_age,
                            secure=self.secure)
            resp.status = HTTP_OK
            resp.headers = obj_status
            resp.body = objct
            self.token_bank[token].update({'msg': ''})
            self.memcache_update(token)
            return resp
        return HTTPFound(location=self.add_prefix(storage_url))

    def page_cont_list(self, req, storage_url, token, template=None):
        """ """
        if template is None:
            tmpl = self.tmpl
        path = urlparse(self.del_prefix(req.url)).path
        if len(path.split('/')) <= 2:
            path = urlparse(storage_url).path
        vrs, acc, cont, obj = split_path(path, 1, 4, True)
        lang = self.get_lang(req)