def forbidden_view(request):
if not request.credentials_id or request.credentials_id == Everyone:
resp = Response(
'{"error": "401 Unauthorized",' ' "msg": "You must be logged-in to access this page."}',
status="401 Unauthorized",
content_type="application/json",
)
else:
resp = Response(
'{"error": "403 Forbidden",'
' "credentials_id": "%s", "msg": "Access to this resource is '
'Forbidden."}' % request.credentials_id,
status="403 Forbidden",
content_type="application/json",
)
# We need to re-apply the CORS checks done by Cornice, since we're
# recreating the response from scratch.
services = request.registry.cornice_services
pattern = request.matched_route.pattern
service = services.get(pattern, None)
request.info["cors_checked"] = False
resp = ensure_origin(service, request, resp)
return resp
def reapply_cors(request, response):
"""Reapply cors headers to the new response with regards to the request.
We need to re-apply the CORS checks done by Cornice, in case we're
recreating the response from scratch.
"""
service = request.current_service
if service:
request.info['cors_checked'] = False
cors.apply_cors_post_request(service, request, response)
response = cors.ensure_origin(service, request, response)
else:
# No existing service is concerned, and Cornice is not implied.
origin = request.headers.get('Origin')
if origin:
settings = request.registry.settings
allowed_origins = set(aslist(settings['cors_origins']))
required_origins = {'*', decode_header(origin)}
if allowed_origins.intersection(required_origins):
origin = encode_header(origin)
response.headers['Access-Control-Allow-Origin'] = origin
# Import service here because kinto.core import utils
from kinto.core import Service
if Service.default_cors_headers:
headers = ','.join(Service.default_cors_headers)
response.headers['Access-Control-Expose-Headers'] = headers
return response
def reapply_cors(request, response):
"""Reapply cors headers to the new response with regards to the request.
We need to re-apply the CORS checks done by Cornice, in case we're
recreating the response from scratch.
"""
service = request.current_service
if service:
request.info["cors_checked"] = False
cors.apply_cors_post_request(service, request, response)
response = cors.ensure_origin(service, request, response)
else:
# No existing service is concerned, and Cornice is not implied.
origin = request.headers.get("Origin")
if origin:
settings = request.registry.settings
allowed_origins = set(aslist(settings["cors_origins"]))
required_origins = {"*", origin}
if allowed_origins.intersection(required_origins):
response.headers["Access-Control-Allow-Origin"] = origin
# Import service here because kinto.core import utils
from kinto.core import Service
if Service.default_cors_headers: # pragma: no branch
headers = ",".join(Service.default_cors_headers)
response.headers["Access-Control-Expose-Headers"] = headers
return response
def reapply_cors(request, response):
"""Reapply cors headers to the new response with regards to the request.
We need to re-apply the CORS checks done by Cornice, in case we're
recreating the response from scratch.
"""
service = current_service(request)
if service:
request.info['cors_checked'] = False
cors.apply_cors_post_request(service, request, response)
response = cors.ensure_origin(service, request, response)
else:
# No existing service is concerned, and Cornice is not implied.
origin = request.headers.get('Origin')
if origin:
settings = request.registry.settings
allowed_origins = set(aslist(settings['cors_origins']))
required_origins = {'*', decode_header(origin)}
if allowed_origins.intersection(required_origins):
origin = encode_header(origin)
response.headers['Access-Control-Allow-Origin'] = origin
# Import service here because cliquet import utils
from cliquet import Service
if Service.default_cors_headers:
headers = ','.join(Service.default_cors_headers)
response.headers['Access-Control-Expose-Headers'] = headers
return response
def reapply_cors(request, response):
"""Reapply cors headers to the new response with regards to the request.
We need to re-apply the CORS checks done by Cornice, in case we're
recreating the response from scratch.
"""
service = current_service(request)
if service:
request.info['cors_checked'] = False
response = cors.ensure_origin(service, request, response)
return response
def forbidden_view(request):
if not request.credentials_id or request.credentials_id == Everyone:
resp = Response(
'{"error": "401 Unauthorized",'
' "msg": "You must be logged-in to access this page."}',
status='401 Unauthorized',
content_type='application/json')
else:
resp = Response(
'{"error": "403 Forbidden",'
' "credentials_id": "%s", "msg": "Access to this resource is '
'Forbidden."}' % request.credentials_id,
status='403 Forbidden',
content_type='application/json')
# We need to re-apply the CORS checks done by Cornice, since we're
# recreating the response from scratch.
services = request.registry.cornice_services
pattern = request.matched_route.pattern
service = services.get(pattern, None)
request.info['cors_checked'] = False
resp = ensure_origin(service, request, resp)
return resp
