API#

nti.wsgi.cors#

High-level CORS middleware APIs.

cors_filter_factory(app, _global_conf=None)[source]#: Paste filter factory to include CORSInjector

cors_option_filter_factory(app, _global_conf=None)[source]#: Paste filter factory to include CORSOptionHandler

nti.wsgi.cors.cors#

An outer layer middleware designed to work with CORS. Also integrates with Paste to set up expected exceptions. The definitions here were lifted from the CORS spec on 2011-10-18.

EXPECTED_EXCEPTIONS = (<class 'greenlet.GreenletExit'>, <class 'SystemExit'>, <class 'OSError'>, <class 'ZODB.POSException.POSError'>)#: The exceptions in this list will be considered expected and not create error reports from Paste. Instead, Paste will raise them, and they will be caught here. Paste will catch everything else.

Todo

We need to move this to its own middleware.

SIMPLE_METHODS = ('GET', 'HEAD', 'POST')#: HTTP methods that CORS defines as “simple”

SIMPLE_HEADERS = ('ACCEPT', 'ACCEPT-LANGUAGE', 'CONTENT-LANGUAGE', 'LAST-EVENT-ID')#: HTTP request headers that CORS defines as “simple”

SIMPLE_CONTENT_TYPES = ('application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain')#: HTTP content types that CORS defines as “simple”

SIMPLE_RESPONSE_HEADERS = ('cache-control', 'content-language', 'content-type', 'expires', 'last-modified', 'pragma')#: HTTP response headers that CORS defines as simple

is_simple_request_method(environ)[source]#: Checks to see if the environment represents a simple CORS request

is_simple_header(name, value=None)[source]#: Checks to see if the name represents a simple CORS request header

is_simple_response_header(name)[source]#: Checks to see if the name represents a simple CORS response header

ACCES_CONTROL_HEADERS = ('Pragma', 'Slug', 'X-Requested-With', 'Authorization', 'If-Modified-Since', 'Content-Type', 'Origin', 'Accept', 'Cookie', 'Accept-Encoding', 'Cache-Control')#: Access Control Allow Headers

class CORSInjector(app)[source]#

Bases: object

Inject CORS around any application. Should be wrapped around (before) authentication and before ErrorMiddleware.

cors_filter_factory(app, _global_conf=None)[source]#: Paste filter factory to include CORSInjector

class CORSOptionHandler(app)[source]#

Bases: object

Handle OPTIONS requests by simply swallowing them and not letting them come through to the following app.

This is useful with the cors_filter_factory() and should be beneath it. Only use this if the rest of the pipeline doesn’t handle OPTIONS requests.

cors_option_filter_factory(app, _global_conf=None)[source]#: Paste filter factory to include CORSOptionHandler