File: README.rst

package info (click to toggle)
wsgicors 0.4.1-1.1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid
  • size: 124 kB
  • sloc: python: 278; makefile: 3
file content (114 lines) | stat: -rw-r--r-- 2,819 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
wsgicors |buildstatus|
========

.. |buildstatus| image:: https://travis-ci.org/may-day/wsgicors.svg?branch=master

This is a WSGI middleware that answers CORS preflight requests and adds
the needed header to the response. For CORS see:
http://www.w3.org/TR/cors/

Usage
-----

Either plug it in programmatically as in this pyramid example:

.. code:: python


    def app(global_config, **settings):
        """ This function returns a WSGI application.
        
        It is usually called by the PasteDeploy framework during 
        ``paster serve``.
        """

        def get_root(request):
            return {}

        config = Configurator(root_factory=get_root, settings=settings)
        config.begin()
        # whatever it takes to config your app goes here
        config.end()

        from wsgicors import CORS
        return CORS(config.make_wsgi_app(), headers="*", methods="*", maxage="180", origin="*")

or plug it into your wsgi pipeline via paste ini to let it serve by
waitress for instance:

::

    [app:myapp]
    use = egg:mysuperapp#app

    ###
    # wsgi server configuration
    ###

    [server:main]
    use = egg:waitress#main
    host = 0.0.0.0
    port = 6543

    [pipeline:main]
    pipeline =
        cors
        myapp

    [filter:cors]
    use = egg:wsgicors#middleware
    policy=free
    free_origin=copy
    free_headers=*
    free_methods=*
    free_maxage=180

    policy=subdom
    subdom_origin=example.com example2.com *.example.com
    subdom_headers=*
    subdom_methods=*
    subdom_maxage=180

Keywords are:

-  ``origin``
-  ``headers``
-  ``methods``
-  ``credentials``
-  ``maxage``

for ``origin``:

-  use ``copy`` which will copy whatever origin the request comes from
-  a space separated list of hostnames - they can also contain wildcards
   like ``*`` or ``?`` (fnmatch lib is used for matching). If a match is
   found the original host is returned.
-  any other literal will be be copied verbatim (like ``*`` for instance
   to allow every source)

for ``headers``:

-  use ``*`` which will allow whatever header is asked for
-  any other literal will be be copied verbatim (like ``*`` for instance
   to allow every source)

for ``methods``:

-  use ``*`` which will allow whatever method is asked for
-  any other literal will be be copied verbatim (like
   ``POST, PATCH, PUT, DELETE`` for instance)

for ``credentials``:

-  use ``true``
-  anything else will be ignored (that is no response header for
   ``Access-Control-Allow-Credentials`` is sent)

for ``maxage``:

-  give the number of seconds the answer can be used by a client,
   anything nonempty will be copied verbatim

As can be seen in the example above, a policy needs to be created with
the ``policy`` keyword. The options need then be prefixed with the
policy name and a ``_``.