def process_response(
self,
req: falcon.Request,
resp: falcon.Response,
resource: object,
req_succeeded: bool,
):
""" Intercepts outgoing responses and handles incoming CORS OPTIONS
preflight requests.
Args:
req (falcon.Request): The Falcon `Request` object.
resp (falcon.Response): The Falcon `Response` object.
resource (object): Resource object to which the request was routed.
May be None if no route was found for the request.
req_succeeded (bool): True if no exceptions were raised while the
framework processed and routed the request; otherwise False.
"""
# Set the `Access-Control-Allow-Origin` header.
resp.set_header('Access-Control-Allow-Origin', '*')
# Skip the request if it doesn't exhibit the characteristics of a CORS
# OPTIONS preflight request.
if not self.is_req_cors(req=req):
return None
msg_fmt = "Processing CORS preflight OPTIONS request."
self.logger.info(msg_fmt)
# Retrieve and remove the `Allow` header from the response.
allow = resp.get_header('Allow')
resp.delete_header('Allow')
# Retrieve the `Access-Control-Request-Headers` header from the
# request.
allow_headers = req.get_header('Access-Control-Request-Headers',
default='*')
# Set the appropriate CORS headers in the response.
resp.set_header(name="Access-Control-Allow-Methods", value=allow)
resp.set_header(
name="Access-Control-Allow-Headers",
value=allow_headers,
)
resp.set_header(name="Access-Control-Max-Age", value='86400')
