def process_response( self, req: falcon.Request, resp: falcon.Response, resource: object, req_succeeded: bool, ): """ Intercepts outgoing responses and handles incoming CORS OPTIONS preflight requests. Args: req (falcon.Request): The Falcon `Request` object. resp (falcon.Response): The Falcon `Response` object. resource (object): Resource object to which the request was routed. May be None if no route was found for the request. req_succeeded (bool): True if no exceptions were raised while the framework processed and routed the request; otherwise False. """ # Set the `Access-Control-Allow-Origin` header. resp.set_header('Access-Control-Allow-Origin', '*') # Skip the request if it doesn't exhibit the characteristics of a CORS # OPTIONS preflight request. if not self.is_req_cors(req=req): return None msg_fmt = "Processing CORS preflight OPTIONS request." self.logger.info(msg_fmt) # Retrieve and remove the `Allow` header from the response. allow = resp.get_header('Allow') resp.delete_header('Allow') # Retrieve the `Access-Control-Request-Headers` header from the # request. allow_headers = req.get_header('Access-Control-Request-Headers', default='*') # Set the appropriate CORS headers in the response. resp.set_header(name="Access-Control-Allow-Methods", value=allow) resp.set_header( name="Access-Control-Allow-Headers", value=allow_headers, ) resp.set_header(name="Access-Control-Max-Age", value='86400')