def test_it_returns_wrapped_view_function_response(self, pyramid_request, testview): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response.body == b'OK'
def test_it_sets_cors_headers(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert set_cors_headers.called
def test_it_returns_set_cors_headers_value(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response == set_cors_headers.return_value
def test_it_calls_wrapped_view_for_preflight_request_when_disabled( self, pyramid_request, testview): cors_policy = policy(allow_preflight=False) pyramid_request.request_method = 'OPTIONS' cors_policy(testview)(None, pyramid_request) assert testview.called
def test_it_calls_wrapped_view_for_preflight_request_when_disabled(self, pyramid_request, testview): cors_policy = policy(allow_preflight=False) pyramid_request.request_method = 'OPTIONS' cors_policy(testview)(None, pyramid_request) assert testview.called
def test_it_returns_set_cors_headers_value_for_preflight_request_when_enabled( self, pyramid_request, testview, set_cors_headers): cors_policy = policy(allow_preflight=True) pyramid_request.method = 'OPTIONS' pyramid_request.headers['Origin'] = 'https://example.org' pyramid_request.headers['Access-Control-Request-Method'] = 'GET' response = cors_policy(testview)(None, pyramid_request) assert response == set_cors_headers.return_value
def test_it_skips_wrapped_view_for_preflight_request_when_enabled( self, pyramid_request, testview): cors_policy = policy(allow_preflight=True) pyramid_request.method = 'OPTIONS' pyramid_request.headers['Origin'] = 'https://example.org' pyramid_request.headers['Access-Control-Request-Method'] = 'GET' cors_policy(testview)(None, pyramid_request) assert not testview.called
def test_it_returns_set_cors_headers_value_for_preflight_request_when_enabled( self, pyramid_request, testview, set_cors_headers): cors_policy = policy(allow_preflight=True) pyramid_request.method = 'OPTIONS' pyramid_request.headers['Origin'] = 'https://example.org' pyramid_request.headers['Access-Control-Request-Method'] = 'GET' response = cors_policy(testview)(None, pyramid_request) assert response == set_cors_headers.return_value
def test_preflight_view_uses_cors_decorator(self, pyramid_config): def view(request): pass # noop cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') pyramid_config.add_view = mock.Mock() add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) (_, kwargs) = pyramid_config.add_view.call_args assert kwargs['decorator'] == cors_policy
def test_it_skips_wrapped_view_for_preflight_request_when_enabled(self, pyramid_request, testview): cors_policy = policy(allow_preflight=True) pyramid_request.method = 'OPTIONS' pyramid_request.headers['Origin'] = 'https://example.org' pyramid_request.headers['Access-Control-Request-Method'] = 'GET' cors_policy(testview)(None, pyramid_request) assert not testview.called
def test_it_adds_one_preflight_view_per_route(self, pyramid_config): cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') pyramid_config.add_view = mock.Mock() def view(request): pass # noop add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) assert pyramid_config.add_view.call_count == 1
def test_preflight_view_uses_cors_decorator(self, pyramid_config): def view(request): pass # noop cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') pyramid_config.add_view = mock.Mock() add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) (_, kwargs) = pyramid_config.add_view.call_args assert kwargs['decorator'] == cors_policy
def test_it_adds_one_preflight_view_per_route(self, pyramid_config): cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') pyramid_config.add_view = mock.Mock() def view(request): pass # noop add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) assert pyramid_config.add_view.call_count == 1
def test_it_adds_preflight_view(self, pyramid_config): def view(request): pass # noop cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) app = pyramid_config.make_wsgi_app() headers = {'Origin': 'https://custom-client.herokuapp.com', 'Access-Control-Request-Method': 'POST'} request = Request.blank('/api/thing', method='OPTIONS', headers=headers) resp = request.get_response(app) assert resp.status_code == 200 assert resp.body == b''
def test_it_adds_preflight_view(self, pyramid_config): def view(request): pass # noop cors_policy = policy() pyramid_config.add_route("api.read_thing", "/api/thing") add_preflight_view(pyramid_config, "api.read_thing", cors_policy) app = pyramid_config.make_wsgi_app() headers = { "Origin": "https://custom-client.herokuapp.com", "Access-Control-Request-Method": "POST", } request = Request.blank("/api/thing", method="OPTIONS", headers=headers) resp = request.get_response(app) assert resp.status_code == 200 assert resp.body == b""
def test_it_adds_preflight_view(self, pyramid_config): def view(request): pass # noop cors_policy = policy() pyramid_config.add_route('api.read_thing', '/api/thing') add_preflight_view(pyramid_config, 'api.read_thing', cors_policy) app = pyramid_config.make_wsgi_app() headers = { 'Origin': 'https://custom-client.herokuapp.com', 'Access-Control-Request-Method': 'POST' } request = Request.blank('/api/thing', method='OPTIONS', headers=headers) resp = request.get_response(app) assert resp.status_code == 200 assert resp.body == b''
from h.events import AnnotationEvent from h.interfaces import IGroupService from h.presenters import AnnotationJSONPresenter, AnnotationJSONLDPresenter from h.resources import AnnotationResource from h.schemas.annotation import CreateAnnotationSchema, UpdateAnnotationSchema from h.util import cors _ = i18n.TranslationStringFactory(__package__) # FIXME: unify (or at least deduplicate) CORS policy between this file and # `h.util.view` cors_policy = cors.policy( allow_headers=( 'Authorization', 'Content-Type', 'X-Annotator-Auth-Token', 'X-Client-Id', ), allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE'), allow_preflight=True) def add_api_view(config, view, link_name=None, description=None, **settings): """ Add a view configuration for an API view. This adds a new view using `config.add_view` with appropriate defaults for API methods (JSON in & out, CORS support). Additionally if `link_name` is specified it adds the view to the list of views returned by the `api.index` route.
def test_it_calls_wrapped_view_function(self, pyramid_request, testview): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert testview.called
from h.util import cors #: Decorator that adds CORS headers to API responses. #: #: This decorator enables web applications not running on the same domain as h #: to make API requests and read the responses. #: #: For standard API views the decorator is automatically applied by the #: ``api_config`` decorator. #: #: Exception views need to independently apply this policy because any response #: headers set during standard request processing are discarded if an exception #: occurs and an exception view is invoked to generate the response instead. cors_policy = cors.policy( allow_headers=("Authorization", "Content-Type", "X-Client-Id"), allow_methods=("HEAD", "GET", "PATCH", "POST", "PUT", "DELETE"), ) def add_api_view(config, view, link_name=None, description=None, enable_preflight=True, **settings): """ Add a view configuration for an API view. This adds a new view using `config.add_view` with appropriate defaults for API methods (JSON in & out, CORS support). Additionally if `link_name` is specified it adds the view to the list of views returned by the `api.index`
from __future__ import unicode_literals import venusian from h.util import cors cors_policy = cors.policy(allow_headers=( 'Authorization', 'Content-Type', 'X-Client-Id', ), allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE')) def add_api_view(config, view, link_name=None, description=None, enable_preflight=True, **settings): """ Add a view configuration for an API view. This adds a new view using `config.add_view` with appropriate defaults for API methods (JSON in & out, CORS support). Additionally if `link_name` is specified it adds the view to the list of views returned by the `api.index` route. :param config: The Pyramid `Configurator` :param view: The view callable :param link_name: Dotted path of the metadata for this route in the output
def test_it_calls_wrapped_view_function(self, pyramid_request, testview): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert testview.called
# -*- coding: utf-8 -*- from __future__ import unicode_literals from pyramid.view import view_config from h.util import cors cors_policy = cors.policy( allow_headers=( 'Authorization', 'Content-Type', ), allow_methods=('HEAD', 'GET', 'POST', 'PUT', 'DELETE'), allow_preflight=True) def handle_exception(request): """Handle an uncaught exception for the passed request.""" request.response.status_int = 500 request.sentry.captureException() # In debug mode we should just reraise, so that the exception is caught by # the debug toolbar. if request.debug: raise def json_view(**settings): """A view configuration decorator with JSON defaults.""" settings.setdefault('accept', 'application/json') settings.setdefault('renderer', 'json')
def test_it_returns_wrapped_view_function_response(self, pyramid_request, testview): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response.body == 'OK'
def test_it_sets_cors_headers(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() cors_policy(testview)(None, pyramid_request) assert set_cors_headers.called
def test_it_returns_set_cors_headers_value(self, pyramid_request, testview, set_cors_headers): cors_policy = policy() response = cors_policy(testview)(None, pyramid_request) assert response == set_cors_headers.return_value
from h.events import AnnotationEvent from h.interfaces import IGroupService from h.presenters import AnnotationJSONPresenter, AnnotationJSONLDPresenter from h.resources import AnnotationResource from h.schemas.annotation import CreateAnnotationSchema, UpdateAnnotationSchema from h.util import cors _ = i18n.TranslationStringFactory(__package__) # FIXME: unify (or at least deduplicate) CORS policy between this file and # `h.util.view` cors_policy = cors.policy(allow_headers=( 'Authorization', 'Content-Type', 'X-Annotator-Auth-Token', 'X-Client-Id', ), allow_methods=('HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE'), allow_preflight=True) def add_api_view(config, view, link_name=None, description=None, **settings): """ Add a view configuration for an API view. This adds a new view using `config.add_view` with appropriate defaults for API methods (JSON in & out, CORS support). Additionally if `link_name` is specified it adds the view to the list of views returned by the `api.index` route.
# -*- coding: utf-8 -*- from __future__ import unicode_literals from pyramid.view import view_config from h.util import cors cors_policy = cors.policy(allow_headers=( 'Authorization', 'Content-Type', ), allow_methods=('HEAD', 'GET', 'POST', 'PUT', 'DELETE'), allow_preflight=True) def handle_exception(request): """Handle an uncaught exception for the passed request.""" request.response.status_int = 500 request.sentry.captureException() # In debug mode we should just reraise, so that the exception is caught by # the debug toolbar. if request.debug: raise def json_view(**settings): """A view configuration decorator with JSON defaults.""" settings.setdefault('accept', 'application/json') settings.setdefault('renderer', 'json')