def render(self): """ Renders the requested resource returned from the self.process() method. """ # check for logout if self.path == '/manage/logout': self.authenticate() return # traverse the resource tree try: result = getChildForRequest(self.env.tree, self) except SeisHubError, e: self.setResponseCode(e.code, e.message) self.env.log.http(e.code, e.message) self.write('') self.finish() return
def render(self): """ Renders the requested resource returned from the self.process() method. """ # traverse the resource tree child = getChildForRequest(self.env.tree, self) # check result and either render direct or in thread if IFileSystemResource.providedBy(child): # render direct return child.render(self) elif IStatical.providedBy(child): # render direct return child.render(self) elif IScriptResource.providedBy(child): msg = "Script resources may not be called via SFTP." raise ForbiddenError(msg) elif IRESTResource.providedBy(child): return child.render(self) elif IResource.providedBy(child): return child.render(self) msg = "I don't know how to handle this resource type %s" raise InternalServerError(msg % type(child))
def render(self): """ Renders the requested resource returned from the self.process() method. """ # Set the access control header to allow cross origin XMLHttpRequests # for all resources. self.setHeader("Access-Control-Allow-Origin", "*") # Modern browsers adhere to the same origin policy. This can be # circumvented to a certain degree by correctly responding to # XMLHttpRequest OPTIONS requests. All AJAX requests from other domains # will be allowed. The goal is to be as permissive as possible if self.method == "OPTIONS": # Shortcut name h_name = "access-control-request-headers" if self.requestHeaders.hasHeader(h_name) and \ "x-requested-with" in \ self.requestHeaders.getRawHeaders(h_name)[0].lower(): # Set correct headers, response code, and return. self.setResponseCode(200, "Cross site access granted.") self.setHeader("Access-Control-Allow-Headers", "X-Requested-With, X-File-Size, X-File-Name, X-File-Type, " "X-Requested-With, Authorization, " "authorization, content-type") self.setHeader("Access-Control-Allow-Methods", "POST, PUT, " "GET, DELETE, OPTIONS") self.setHeader("Access-Control-Max-Age", "60") self.write('') self.finish() return # Handle 'multipart/form-data' content types. # See http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.2 if self.requestHeaders.hasHeader("content-type") and \ self.requestHeaders.getRawHeaders("content-type")[0].startswith( "multipart/form-data; boundary="): boundary = self.requestHeaders.getRawHeaders("content-type")[0]\ .split("boundary=")[1] # The actual boundary is prepended with "--" boundary = "--" + boundary split_data = self.data.split(boundary) split_data = [_i for _i in split_data if _i] _, _, content, _ = split_data[:4] # The content can be prepended by Content-Disposition, # Content-Type, or Content-Transfer-Encoding headers. Remove # these. content = content.strip().split("\n") for _i, line in enumerate(content): if line and line.startswith("Content-"): continue self.data = "\n".join(content[_i:]).strip() break # check for logout if self.path == '/manage/logout': self.authenticate() return # traverse the resource tree try: result = getChildForRequest(self.env.tree, self) except SeisHubError, e: self.setResponseCode(e.code, e.message) self.env.log.http(e.code, e.message) self.write('') self.finish() return