API#
nti.wsgi.cors#
High-level CORS middleware APIs.
nti.wsgi.cors.cors#
An outer layer middleware designed to work with CORS. Also integrates with Paste to set up expected exceptions. The definitions here were lifted from the CORS spec on 2011-10-18.
- EXPECTED_EXCEPTIONS = (<class 'greenlet.GreenletExit'>, <class 'SystemExit'>, <class 'OSError'>, <class 'ZODB.POSException.POSError'>)#
The exceptions in this list will be considered expected and not create error reports from Paste. Instead, Paste will raise them, and they will be caught here. Paste will catch everything else.
Todo
We need to move this to its own middleware.
- SIMPLE_HEADERS = ('ACCEPT', 'ACCEPT-LANGUAGE', 'CONTENT-LANGUAGE', 'LAST-EVENT-ID')#
HTTP request headers that CORS defines as “simple”
- SIMPLE_CONTENT_TYPES = ('application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain')#
HTTP content types that CORS defines as “simple”
- SIMPLE_RESPONSE_HEADERS = ('cache-control', 'content-language', 'content-type', 'expires', 'last-modified', 'pragma')#
HTTP response headers that CORS defines as simple
- is_simple_request_method(environ)[source]#
Checks to see if the environment represents a simple CORS request
- is_simple_header(name, value=None)[source]#
Checks to see if the name represents a simple CORS request header
- is_simple_response_header(name)[source]#
Checks to see if the name represents a simple CORS response header
- ACCES_CONTROL_HEADERS = ('Pragma', 'Slug', 'X-Requested-With', 'Authorization', 'If-Modified-Since', 'Content-Type', 'Origin', 'Accept', 'Cookie', 'Accept-Encoding', 'Cache-Control')#
Access Control Allow Headers
- class CORSInjector(app)[source]#
Bases:
object
Inject CORS around any application. Should be wrapped around (before) authentication and before
ErrorMiddleware
.
- cors_filter_factory(app, _global_conf=None)[source]#
Paste filter factory to include
CORSInjector
- class CORSOptionHandler(app)[source]#
Bases:
object
Handle OPTIONS requests by simply swallowing them and not letting them come through to the following app.
This is useful with the
cors_filter_factory()
and should be beneath it. Only use this if the rest of the pipeline doesn’t handle OPTIONS requests.
- cors_option_filter_factory(app, _global_conf=None)[source]#
Paste filter factory to include
CORSOptionHandler