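def forbidden_view(request):
    """Build the JSON error response for a denied request and re-apply CORS.

    Responds with ``401 Unauthorized`` when the request carries no credentials
    id (or the ``Everyone`` principal), and with ``403 Forbidden`` otherwise.
    The 403 body echoes ``request.credentials_id`` back to the caller.

    Returns:
        The ``Response`` after it has been passed through ``ensure_origin``.
    """
    # Local import: the file's import block is not visible from this block.
    import json

    if not request.credentials_id or request.credentials_id == Everyone:
        resp = Response(
            '{"error": "401 Unauthorized",'
            ' "msg": "You must be logged-in to access this page."}',
            status="401 Unauthorized",
            content_type="application/json",
        )
    else:
        # The identifier is serialised as a JSON string instead of being
        # pasted between literal quotes: a quote, backslash or control
        # character in it would otherwise break the document or add keys to
        # it. Plain ASCII identifiers produce the same bytes as before;
        # non-ASCII ones are now emitted as \uXXXX escapes.
        quoted_id = json.dumps("%s" % (request.credentials_id,))
        resp = Response(
            '{"error": "403 Forbidden",'
            ' "credentials_id": %s, "msg": "Access to this resource is '
            'Forbidden."}' % quoted_id,
            status="403 Forbidden",
            content_type="application/json",
        )

    # We need to re-apply the CORS checks done by Cornice, since we're
    # recreating the response from scratch.
    # NOTE(review): assumes a route matched; a None request.matched_route
    # would raise on .pattern — confirm against how this view is registered.
    services = request.registry.cornice_services
    pattern = request.matched_route.pattern
    # service is None when no Cornice service is registered for the pattern;
    # how ensure_origin treats that case is not visible here.
    service = services.get(pattern, None)

    request.info["cors_checked"] = False
    resp = ensure_origin(service, request, resp)
    return resp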
def reapply_cors(request, response):
    """Restore CORS headers on a response that replaced the original one.

    Cornice applies its CORS checks to the response it produced; when a new
    response is built from scratch those headers have to be set again.

    Returns:
        The response, with CORS headers applied where the request qualifies.
    """
    service = request.current_service
    if service:
        # Reset the marker before handing the new response to Cornice
        # (presumably so ensure_origin does not skip its check).
        request.info['cors_checked'] = False
        cors.apply_cors_post_request(service, request, response)
        return cors.ensure_origin(service, request, response)

    # No existing service is concerned, and Cornice is not implied: fall back
    # to the ``cors_origins`` setting.
    request_origin = request.headers.get('Origin')
    if request_origin:
        configured = set(aslist(request.registry.settings['cors_origins']))
        # Exact membership test: the header is granted only if the setting
        # lists '*' or this very origin. The request's own Origin value is
        # what gets echoed back, never '*'.
        if configured & {'*', decode_header(request_origin)}:
            response.headers['Access-Control-Allow-Origin'] = encode_header(
                request_origin)
        # NOTE(review): this branch echoes a per-request value and sets no
        # ``Vary: Origin``; confirm a shared cache cannot replay one origin's
        # header to another.

    # Import service here because kinto.core import utils
    from kinto.core import Service
    exposed = Service.default_cors_headers
    if exposed:
        response.headers['Access-Control-Expose-Headers'] = ','.join(exposed)
    return response
def reapply_cors(request, response):
    """Set CORS headers again on a response rebuilt outside Cornice's flow.

    Cornice's CORS checks ran against the response it created; a response
    recreated from scratch has to go through them once more.

    Returns:
        The response, with CORS headers applied where the request qualifies.
    """
    service = request.current_service
    if service:
        # Reset the marker before handing the new response to Cornice
        # (presumably so ensure_origin does not skip its check).
        request.info["cors_checked"] = False
        cors.apply_cors_post_request(service, request, response)
        return cors.ensure_origin(service, request, response)

    # No existing service is concerned, and Cornice is not implied: decide
    # from the ``cors_origins`` setting instead.
    request_origin = request.headers.get("Origin")
    if request_origin:
        configured = set(aslist(request.registry.settings["cors_origins"]))
        # Exact string membership, no pattern matching: either '*' or this
        # very origin must be listed. The request's Origin is echoed back
        # as-is rather than answering with '*'.
        if configured & {"*", request_origin}:
            response.headers["Access-Control-Allow-Origin"] = request_origin
        # NOTE(review): the echoed value differs per request and no
        # ``Vary: Origin`` is set in this branch; confirm caches in front of
        # the service key on Origin.

    # Import service here because kinto.core import utils
    from kinto.core import Service
    exposed = Service.default_cors_headers
    if exposed:  # pragma: no branch
        response.headers["Access-Control-Expose-Headers"] = ",".join(exposed)
    return response
def reapply_cors(request, response):
    """Re-run CORS handling for a response that was recreated from scratch.

    The checks Cornice performed applied to its own response object, so a
    replacement response needs the headers set again.

    Returns:
        The response, with CORS headers applied where the request qualifies.
    """
    service = current_service(request)
    if service:
        # Reset the marker before handing the new response to Cornice
        # (presumably so ensure_origin does not skip its check).
        request.info['cors_checked'] = False
        cors.apply_cors_post_request(service, request, response)
        return cors.ensure_origin(service, request, response)

    # No existing service is concerned, and Cornice is not implied: use the
    # ``cors_origins`` setting directly.
    request_origin = request.headers.get('Origin')
    if request_origin:
        configured = set(aslist(request.registry.settings['cors_origins']))
        # The origin is allowed only when the setting contains '*' or the
        # exact origin string; the value sent back is the request's Origin.
        if configured & {'*', decode_header(request_origin)}:
            response.headers['Access-Control-Allow-Origin'] = encode_header(
                request_origin)
        # NOTE(review): no ``Vary: Origin`` accompanies the echoed origin in
        # this branch; confirm intermediaries do not cache across origins.

    # Import service here because cliquet import utils
    from cliquet import Service
    exposed = Service.default_cors_headers
    if exposed:
        response.headers['Access-Control-Expose-Headers'] = ','.join(exposed)
    return response
def reapply_cors(request, response):
    """Run Cornice's origin check again for a freshly built response.

    A response recreated from scratch has not been through the CORS checks
    Cornice did on the original, so they are repeated here.

    Returns:
        The response from ``cors.ensure_origin`` when a service is found for
        the request; otherwise the response unchanged, with no CORS headers
        added by this function.
    """
    service = current_service(request)
    if not service:
        return response

    # Reset the marker before calling ensure_origin (presumably so the
    # check is not skipped as already done).
    request.info['cors_checked'] = False
    return cors.ensure_origin(service, request, response)
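def forbidden_view(request):
    """Return a JSON 401 or 403 response for a denied request, with CORS re-applied.

    A request without a credentials id (or with the ``Everyone`` principal)
    gets ``401 Unauthorized``; any other gets ``403 Forbidden`` with its
    ``credentials_id`` included in the body.

    Returns:
        The ``Response`` after it has been passed through ``ensure_origin``.
    """
    # Local import: the file's import block is not visible from this block.
    import json

    if not request.credentials_id or request.credentials_id == Everyone:
        resp = Response(
            '{"error": "401 Unauthorized",'
            ' "msg": "You must be logged-in to access this page."}',
            status='401 Unauthorized',
            content_type='application/json')
    else:
        # Serialise the identifier with json.dumps rather than wrapping it in
        # literal quotes: a quote, backslash or control character in it would
        # otherwise yield invalid JSON or let the value add keys to the body.
        # Plain ASCII identifiers produce the same bytes as before; non-ASCII
        # ones are now emitted as \uXXXX escapes.
        quoted_id = json.dumps('%s' % (request.credentials_id,))
        resp = Response(
            '{"error": "403 Forbidden",'
            ' "credentials_id": %s, "msg": "Access to this resource is '
            'Forbidden."}' % quoted_id,
            status='403 Forbidden',
            content_type='application/json')

    # We need to re-apply the CORS checks done by Cornice, since we're
    # recreating the response from scratch.
    # NOTE(review): assumes a route matched; a None request.matched_route
    # would raise on .pattern — confirm against how this view is registered.
    services = request.registry.cornice_services
    pattern = request.matched_route.pattern
    # service is None when no Cornice service is registered for the pattern;
    # how ensure_origin treats that case is not visible here.
    service = services.get(pattern, None)

    request.info['cors_checked'] = False
    resp = ensure_origin(service, request, resp)
    return resp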