def test_cors_strategy_raises_for_duplicate_policy_name():
cors = CORSStrategy(CORSPolicy(), Router())
cors.add_policy("a", CORSPolicy())
with pytest.raises(CORSConfigurationError):
cors.add_policy("a", CORSPolicy())
def test_cors_strategy_raises_for_missing_policy_name():
cors = CORSStrategy(CORSPolicy(), Router())
with pytest.raises(CORSConfigurationError):
cors.add_policy("", CORSPolicy())
with pytest.raises(CORSConfigurationError):
cors.add_policy(None, CORSPolicy()) # type: ignore
def use_cors(
self,
*,
allow_methods: Union[None, str, Iterable[str]] = None,
allow_headers: Union[None, str, Iterable[str]] = None,
allow_origins: Union[None, str, Iterable[str]] = None,
allow_credentials: bool = False,
max_age: int = 5,
expose_headers: Union[None, str, Iterable[str]] = None,
) -> CORSStrategy:
"""
Enables CORS for the application, specifying the default rules to be applied
for all request handlers.
"""
if self.started:
raise ApplicationAlreadyStartedCORSError()
self._cors_strategy = CORSStrategy(
CORSPolicy(
allow_methods=allow_methods,
allow_headers=allow_headers,
allow_origins=allow_origins,
allow_credentials=allow_credentials,
max_age=max_age,
expose_headers=expose_headers,
),
self.router,
)
# Note: the following is a no-op request handler, necessary to activate handling
# of OPTIONS preflight requests.
# However, preflight requests are handled by the CORS middleware. This is to
# stop the chain of middlewares and prevent extra logic from executing for
# preflight requests (e.g. authentication logic)
@self.router.options("*")
async def options_handler(request):
return Response(404)
# User defined catch-all OPTIONS request handlers are not supported when the
# built-in CORS handler is used.
return self._cors_strategy