def test_it_returns_set_cors_headers_value(self, pyramid_request, testview,
set_cors_headers):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response == set_cors_headers.return_value
def test_it_returns_wrapped_view_function_response(self, pyramid_request,
testview):
cors_policy = policy()
response = cors_policy(testview)(None, pyramid_request)
assert response.body == b"OK"
def test_it_sets_cors_headers(self, pyramid_request, testview,
set_cors_headers):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert set_cors_headers.called
def test_it_adds_one_preflight_view_per_route(self, pyramid_config):
cors_policy = policy()
pyramid_config.add_route("api.read_thing", "/api/thing")
pyramid_config.add_view = mock.Mock()
add_preflight_view(pyramid_config, "api.read_thing", cors_policy)
add_preflight_view(pyramid_config, "api.read_thing", cors_policy)
assert pyramid_config.add_view.call_count == 1
def test_preflight_view_uses_cors_decorator(self, pyramid_config):
cors_policy = policy()
pyramid_config.add_route("api.read_thing", "/api/thing")
pyramid_config.add_view = mock.Mock()
add_preflight_view(pyramid_config, "api.read_thing", cors_policy)
(_, kwargs) = pyramid_config.add_view.call_args
assert kwargs["decorator"] == cors_policy
def test_it_adds_preflight_view(self, pyramid_config):
cors_policy = policy()
pyramid_config.add_route("api.read_thing", "/api/thing")
add_preflight_view(pyramid_config, "api.read_thing", cors_policy)
app = pyramid_config.make_wsgi_app()
headers = {
"Origin": "https://custom-client.herokuapp.com",
"Access-Control-Request-Method": "POST",
}
request = Request.blank("/api/thing", method="OPTIONS", headers=headers)
resp = request.get_response(app)
assert resp.status_code == 200
assert resp.body == b""
from h.views.api import API_VERSIONS
#: Decorator that adds CORS headers to API responses.
#:
#: This decorator enables web applications not running on the same domain as h
#: to make API requests and read the responses.
#:
#: For standard API views the decorator is automatically applied by the
#: ``api_config`` decorator.
#:
#: Exception views need to independently apply this policy because any response
#: headers set during standard request processing are discarded if an exception
#: occurs and an exception view is invoked to generate the response instead.
cors_policy = cors.policy(
allow_headers=("Authorization", "Content-Type", "X-Client-Id"),
allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"),
)
def add_api_view(
config,
view,
versions,
link_name=None,
description=None,
enable_preflight=True,
**settings
):
"""
Add a view configuration for an API view.
def test_it_calls_wrapped_view_function(self, pyramid_request, testview):
cors_policy = policy()
cors_policy(testview)(None, pyramid_request)
assert testview.called
from h.views.api import API_VERSIONS, API_VERSION_DEFAULT
#: Decorator that adds CORS headers to API responses.
#:
#: This decorator enables web applications not running on the same domain as h
#: to make API requests and read the responses.
#:
#: For standard API views the decorator is automatically applied by the
#: ``api_config`` decorator.
#:
#: Exception views need to independently apply this policy because any response
#: headers set during standard request processing are discarded if an exception
#: occurs and an exception view is invoked to generate the response instead.
cors_policy = cors.policy(
allow_headers=("Authorization", "Content-Type", "X-Client-Id"),
allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"),
)
def add_api_view(
config,
view,
versions,
link_name=None,
description=None,
enable_preflight=True,
**settings
):
"""
Add a view configuration for an API view.