def forbidden_view(request): # read the read of the body # TODO: body file is a buffer reader. should probably read the size of the buffer read = "buffer" while read != "": read = request.body_file.read(4096) return error.http_error(request.response, **error.FORBIDDEN)
def preflight_crossdomain_access_control(request): origin = request.headers.get("Origin") if origin is not None: request.response.headers["Access-Control-Allow-Origin"] = origin request.response.headers["Access-Control-Allow-Methods"] = "GET, PUT, POST, DELETE, OPTIONS" request.response.headers["Access-Control-Max-Age"] = tim_config["api"]["cors_ttl"] request.response.headers["Access-Control-Allow-Headers"] = "Content-Type" # parse the origin url origin_url = urlparse.urlparse(origin) origin_domain = origin_url.netloc.split(":")[0] if origin_domain in _acceptable_host: request.response.headers["Access-Control-Allow-Credentials"] = "true" else: logging.info("Not allowing domain (%s) because (%s) not in %s", origin, origin_domain, _acceptable_host) request.response.headers["Access-Control-Allow-Credentials"] = "false" return request.response return error.http_error(request.response, **error.NOT_FOUND)
def unauthorized_request_to_self(request): return error.http_error(request.response, **error.UNAUTHORIZED)
def not_found(request): return error.http_error(request.response, **error.NOT_FOUND)