def test_signal_that_returns_true(self): def handler(*args, **kwargs): return True check_request_enabled.connect(handler) resp = self.client.options( '/test-view/', HTTP_ORIGIN='http://foobar.it', HTTP_ACCESS_CONTROL_REQUEST_METHOD='value', ) assert resp.status_code == 200 assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == 'http://foobar.it'
def test_signal_allow_some_urls_to_everyone(self): def allow_api_to_all(sender, request, **kwargs): return request.path.startswith('/api/') check_request_enabled.connect(allow_api_to_all) resp = self.client.options( '/test-view/', HTTP_ORIGIN='http://example.org', HTTP_ACCESS_CONTROL_REQUEST_METHOD='value', ) assert resp.status_code == 200 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp resp = self.client.options( '/api/something/', HTTP_ORIGIN='http://example.org', HTTP_ACCESS_CONTROL_REQUEST_METHOD='value', ) assert resp.status_code == 200 assert resp[ACCESS_CONTROL_ALLOW_ORIGIN] == 'http://example.org'
# can get it (instead of generating a new one and saving it into this # new empty session) # See djangoapps.xblock.utils.get_xblock_id_for_anonymous_user() user.xblock_id_for_anonymous_user = user_id else: raise AuthenticationFailed("Invalid user ID format.") request_webob = DjangoWebobRequest( request ) # Convert from django request to the webob format that XBlocks expect block = load_block(usage_key, user) # Run the handler, and save any resulting XBlock field value changes: response_webob = block.handle(handler_name, request_webob, suffix) response = webob_to_django_response(response_webob) return response def cors_allow_xblock_handler(sender, request, **kwargs): # lint-amnesty, pylint: disable=unused-argument """ Sandboxed XBlocks need to be able to call XBlock handlers via POST, from a different domain. See 'xblock_handler' method for details and how security is enforced. Per the corsheaders docs, a signal is the only way to achieve this for just a specific view/URL. """ return request.path.startswith( '/api/xblock/v2/xblocks/') and '/handler/' in request.path check_request_enabled.connect(cors_allow_xblock_handler)
from corsheaders.signals import check_request_enabled def cors_allow_api_to_everyone(sender, request, **kwargs): return request.path.startswith('/api/') check_request_enabled.connect(cors_allow_api_to_everyone)
from corsheaders.signals import check_request_enabled from myapp.models import MySite def cors_allow_mysites(sender, request, **kwargs): return MySite.objects.filter(host=request.host).exists() check_request_enabled.connect(cors_allow_mysites)
def temporary_check_request_hander(handler): check_request_enabled.connect(handler) try: yield finally: check_request_enabled.disconnect(handler)
# myapp/handlers.py from corsheaders.signals import check_request_enabled def cors_allow_api_to_everyone(sender, request, **kwargs): return request.path.startswith("/api/") check_request_enabled.connect(cors_allow_api_to_everyone)
from corsheaders.signals import check_request_enabled def cors_allow_origins_for_polaris_requests(sender, request, **_kwargs): return (request.path.startswith("/sep24") or request.path.startswith("/sep6") or request.path.startswith("/sep31") or request.path.startswith("/.well-known") or request.path.startswith("/auth") or request.path.startswith("/kyc")) check_request_enabled.connect(cors_allow_origins_for_polaris_requests)
from dashboard.tasks import m2m_changed_interested m2m_changed_interested.delay(instance.pk) def changed_fulfillments(sender, instance, action, reverse, model, **kwargs): """Handle changes to Bounty fulfillments.""" event_name = 'work_submitted' profile_handles = [] fulfillments = instance.fulfillments.select_related( 'profile').all().order_by('pk') if fulfillments.filter(accepted=True).exists(): event_name = 'work_done' for fulfillment in fulfillments: profile_handles.append( (fulfillment.profile.handle, fulfillment.profile.absolute_url)) if action in ['post_add', 'post_remove']: maybe_market_to_github(instance, event_name, profile_pairs=profile_handles) def allow_all_bounties(sender, request, **kwargs): return request.method == 'GET' and request.path.startswith( '/api/v0.1/bounties/') check_request_enabled.connect(allow_all_bounties)
def ready(self): check_request_enabled.connect(self.allow_api)
from corsheaders.signals import check_request_enabled # Allow CORS for All GBFS Urls def cors_allow(sender, request, **kwargs): return request.path.startswith('/gbfs/') check_request_enabled.connect(cors_allow)
# coding: utf-8 from corsheaders.signals import check_request_enabled from .models import CorsModel def cors_allow_external_sites(sender, request, **kwargs): origin = request.META.get('HTTP_ORIGIN') return CorsModel.objects.filter(cors=origin).exists() check_request_enabled.connect(cors_allow_external_sites)
def ready(self): # Makes sure all signal handlers are connected if getattr(settings, 'BADGR_CORS_MODEL'): from mainsite.signals import cors_allowed_sites check_request_enabled.connect(cors_allowed_sites)
client = kwargs['instance'] tracker = client.tracker if client.manager_code and not getattr(client, 'discount', None): discount = Discount.objects.get_by_code(client.manager_code) ClientDiscount.client_spanshot(discount, client) if tracker.has_changed('login') or tracker.has_changed('login_alias'): invalidate_mb_client_login_cache.delay(client_id=client.id) if client.installation == 'installed': invalidate_client_cache_task.delay(client_id=client.id) try: client.website except Client.website.RelatedObjectDoesNotExist: website = ClientWebsite() website.is_enabled = True website.client = client website.generate_url() website.save() def cors_allow_with_own_domains(sender, request, **kwargs): """ Check if the CORS request is allowed """ return cors.check_host(request.get_host()) check_request_enabled.connect(cors_allow_with_own_domains)
from corsheaders.signals import check_request_enabled from django.urls import resolve from django.conf import settings def cors_allow_for_client_namespaces(sender, request, **kwargs): namespace = resolve(request.path).namespace return namespace in settings.NAMESPACES_FOR_CLIENTS check_request_enabled.connect(cors_allow_for_client_namespaces)