def create_api(global_config, **settings):
settings = get_settings(global_config, **settings)
config = Configurator(settings=settings)
config.set_authentication_policy(remote_authn)
config.set_authorization_policy(acl_authz)
config.set_root_factory('h.api.resources.create_root')
config.add_renderer('json', JSON(indent=4))
config.add_subscriber('h.api.subscribers.set_user_from_oauth',
'pyramid.events.ContextFound')
config.add_tween('h.api.tweens.auth_token')
config.include('h.features')
config.include('h.auth')
config.include('h.api.db')
config.include('h.api.views')
if config.registry.feature('queue'):
config.include('h.queue')
config.include('h.api.queue')
app = config.make_wsgi_app()
app = permit_cors(app,
allow_headers=('Authorization',
'X-Annotator-Auth-Token'),
allow_methods=('HEAD', 'GET', 'POST', 'PUT', 'DELETE'))
return app
def create_app(global_config, **settings):
"""Configure and add static routes and views. Return the WSGI app."""
settings = get_settings(global_config, **settings)
config = Configurator(settings=settings)
config.set_root_factory('h.resources.create_root')
config.add_subscriber('h.subscribers.add_renderer_globals',
'pyramid.events.BeforeRender')
config.add_subscriber('h.subscribers.set_user_from_oauth',
'pyramid.events.NewRequest')
config.add_tween('h.tweens.csrf_tween_factory')
config.add_tween('h.tweens.auth_token')
config.include(__name__)
app = config.make_wsgi_app()
app = permit_cors(app,
allow_headers=(
'Authorization',
'Content-Type',
'X-Annotator-Auth-Token',
'X-Client-Id',
),
allow_methods=('HEAD', 'GET', 'POST', 'PUT', 'DELETE'))
return app
def create_api(global_config, **settings):
settings = get_settings(global_config, **settings)
config = Configurator(settings=settings)
config.set_authentication_policy(remote_authn)
config.set_authorization_policy(acl_authz)
config.set_root_factory("h.api.resources.create_root")
config.add_renderer("json", JSON(indent=4))
config.add_subscriber("h.api.subscribers.set_user_from_oauth", "pyramid.events.ContextFound")
config.add_tween("h.api.tweens.auth_token")
config.include("h.features")
config.include("h.auth")
config.include("h.api.db")
config.include("h.api.views")
if config.registry.feature("queue"):
config.include("h.queue")
config.include("h.api.queue")
app = config.make_wsgi_app()
app = permit_cors(
app,
allow_headers=("Authorization", "X-Annotator-Auth-Token"),
allow_methods=("HEAD", "GET", "POST", "PUT", "DELETE"),
)
return app
def test_permit_cors_sets_allow_methods_OPTIONS_for_preflight(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.headers['Access-Control-Allow-Methods'] == 'OPTIONS'
def test_permit_cors_returns_empty_body_for_preflight(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.body == ''
def test_permit_cors_sets_allow_origin_for_preflight(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.headers['Access-Control-Allow-Origin'] == 'http://example.com'
def test_permit_cors_adds_allow_origin_header_for_non_preflight():
request = Request.blank('/', )
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.headers['Access-Control-Allow-Origin'] == '*'
def test_permit_cors_sets_max_age_for_preflight_when_set(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp, max_age=42)
resp = request.get_response(wrapped)
assert resp.headers['Access-Control-Max-Age'] == '42'
def test_permit_cors_sets_allow_credentials_for_preflight_when_set(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp, allow_credentials=True)
resp = request.get_response(wrapped)
assert resp.headers['Access-Control-Allow-Credentials'] == 'true'
def test_permit_cors_400s_for_preflight_without_reqmethod(headers):
del headers['Access-Control-Request-Method']
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.status_code == 400
def test_permit_cors_passes_through_non_preflight():
request = Request.blank('/')
wrapped = permit_cors(wsgi_testapp)
resp = request.get_response(wrapped)
assert resp.body == 'OK'
assert resp.status_code == 200
def test_permit_cors_sets_expose_headers_for_preflight_when_set(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp, expose_headers=('Foo', 'X-Bar'))
resp = request.get_response(wrapped)
values = resp.headers['Access-Control-Expose-Headers'].split(', ')
assert sorted(values) == ['Foo', 'X-Bar']
def test_permit_cors_sets_allow_methods_for_preflight(headers):
request = Request.blank('/', method='OPTIONS', headers=headers)
wrapped = permit_cors(wsgi_testapp, allow_methods=('PUT', 'DELETE'))
resp = request.get_response(wrapped)
values = resp.headers['Access-Control-Allow-Methods'].split(', ')
assert sorted(values) == ['DELETE', 'OPTIONS', 'PUT']
def create_app(global_config, **settings):
"""Configure and add static routes and views. Return the WSGI app."""
settings = get_settings(global_config, **settings)
config = Configurator(settings=settings)
config.set_root_factory("h.resources.create_root")
config.add_subscriber("h.subscribers.add_renderer_globals", "pyramid.events.BeforeRender")
config.add_subscriber("h.subscribers.set_user_from_oauth", "pyramid.events.NewRequest")
config.add_tween("h.tweens.csrf_tween_factory")
config.add_tween("h.tweens.auth_token")
config.include(__name__)
app = config.make_wsgi_app()
app = permit_cors(
app,
allow_headers=("Authorization", "Content-Type", "X-Annotator-Auth-Token", "X-Client-Id"),
allow_methods=("HEAD", "GET", "POST", "PUT", "DELETE"),
)
return app
