def check_origin(response, prepared_request): """ Assert that a cross origin response allows requests from a request's origin. """ request = prepared_request headers = HeadersDict(prepared_request.headers) if is_same_origin(request): return origin = headers["origin"] if response.headers.get("Access-Control-Allow-Origin") not in ("*", origin): raise AccessControlError( "Origin %r not allowed for resource %r" % (origin, request.url), request.url, request.method, request.headers)
def prepare_preflight_allowed_origin(request): if is_same_origin(request): return {}, [] return {}, [check_origin]