def test_it_returns_set_cors_headers_value(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response == set_cors_headers.return_value
def test_it_returns_wrapped_view_function_response(self, pyramid_request, testview): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response.body == b"OK"
def test_it_sets_cors_headers(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert set_cors_headers.called
def test_it_adds_one_preflight_view_per_route(self, pyramid_config): cors_policy = policy() pyramid_config.add_route("api.read_thing", "/api/thing") pyramid_config.add_view = mock.Mock() add_preflight_view(pyramid_config, "api.read_thing", cors_policy) add_preflight_view(pyramid_config, "api.read_thing", cors_policy) assert pyramid_config.add_view.call_count == 1
def test_preflight_view_uses_cors_decorator(self, pyramid_config): cors_policy = policy() pyramid_config.add_route("api.read_thing", "/api/thing") pyramid_config.add_view = mock.Mock() add_preflight_view(pyramid_config, "api.read_thing", cors_policy) (_, kwargs) = pyramid_config.add_view.call_args assert kwargs["decorator"] == cors_policy
def test_it_adds_preflight_view(self, pyramid_config): cors_policy = policy() pyramid_config.add_route("api.read_thing", "/api/thing") add_preflight_view(pyramid_config, "api.read_thing", cors_policy) app = pyramid_config.make_wsgi_app() headers = { "Origin": "https://custom-client.herokuapp.com", "Access-Control-Request-Method": "POST", } request = Request.blank("/api/thing", method="OPTIONS", headers=headers) resp = request.get_response(app) assert resp.status_code == 200 assert resp.body == b""
from h.views.api import API_VERSIONS #: Decorator that adds CORS headers to API responses. #: #: This decorator enables web applications not running on the same domain as h #: to make API requests and read the responses. #: #: For standard API views the decorator is automatically applied by the #: ``api_config`` decorator. #: #: Exception views need to independently apply this policy because any response #: headers set during standard request processing are discarded if an exception #: occurs and an exception view is invoked to generate the response instead. cors_policy = cors.policy( allow_headers=("Authorization", "Content-Type", "X-Client-Id"), allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"), ) def add_api_view( config, view, versions, link_name=None, description=None, enable_preflight=True, **settings ): """ Add a view configuration for an API view.
def test_it_calls_wrapped_view_function(self, pyramid_request, testview): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert testview.called
from h.views.api import API_VERSIONS, API_VERSION_DEFAULT #: Decorator that adds CORS headers to API responses. #: #: This decorator enables web applications not running on the same domain as h #: to make API requests and read the responses. #: #: For standard API views the decorator is automatically applied by the #: ``api_config`` decorator. #: #: Exception views need to independently apply this policy because any response #: headers set during standard request processing are discarded if an exception #: occurs and an exception view is invoked to generate the response instead. cors_policy = cors.policy( allow_headers=("Authorization", "Content-Type", "X-Client-Id"), allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"), ) def add_api_view( config, view, versions, link_name=None, description=None, enable_preflight=True, **settings ): """ Add a view configuration for an API view.