hobo/hobo/middleware/cors.py

import os.path

from django.conf import settings
from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin


class CORSMiddleware(MiddlewareMixin):
    def process_request(self, request):
        """
        If CORS preflight header, then create an
        empty body response (200 OK) and return it
        Django won't bother calling any other request
        view/exception middleware along with the requested view;
        it will call any response middlewares
        """
        if request.method == 'OPTIONS' and "access-control-request-method" in request.headers:
            response = HttpResponse()
            return response
        return None

    def process_response(self, request, response):
        origin = request.headers.get('Origin')
        if origin:
            whitelist = getattr(settings, 'CORS_ORIGIN_WHITELIST', [])
            if origin not in whitelist:
                return response
            response['Access-Control-Allow-Origin'] = origin
            response['Access-Control-Allow-Credentials'] = 'true'
            response['Access-Control-Allow-Headers'] = 'x-requested-with'
        return response
send CORS AllowOrigin header when request's Origin header is from a service deployed by hobo (#6988) 2015-04-20 16:52:06 +02:00			`import os.path`

			`from django.conf import settings`
cors: add missing import of HttpResponse (#7153) 2015-05-06 10:01:36 +02:00			`from django.http import HttpResponse`
misc: make middlewares compatible with MIDDLEWARE settings (#36335) 2019-09-22 20:04:17 +02:00			`from django.utils.deprecation import MiddlewareMixin`
send CORS AllowOrigin header when request's Origin header is from a service deployed by hobo (#6988) 2015-04-20 16:52:06 +02:00
trivial: apply black 2021-05-14 18:39:27 +02:00
misc: make middlewares compatible with MIDDLEWARE settings (#36335) 2019-09-22 20:04:17 +02:00			`class CORSMiddleware(MiddlewareMixin):`
send CORS AllowOrigin header when request's Origin header is from a service deployed by hobo (#6988) 2015-04-20 16:52:06 +02:00			`def process_request(self, request):`
			`"""`
			`If CORS preflight header, then create an`
			`empty body response (200 OK) and return it`
			`Django won't bother calling any other request`
			`view/exception middleware along with the requested view;`
			`it will call any response middlewares`
			`"""`
misc: change django-upgrade target version to 3.2 (#75442) 2023-03-29 12:10:39 +02:00			`if request.method == 'OPTIONS' and "access-control-request-method" in request.headers:`
cors: add missing import of HttpResponse (#7153) 2015-05-06 10:01:36 +02:00			`response = HttpResponse()`
send CORS AllowOrigin header when request's Origin header is from a service deployed by hobo (#6988) 2015-04-20 16:52:06 +02:00			`return response`
			`return None`

			`def process_response(self, request, response):`
			`origin = request.headers.get('Origin')`
			`if origin:`
			`whitelist = getattr(settings, 'CORS_ORIGIN_WHITELIST', [])`
			`if origin not in whitelist:`
			`return response`
middleware: add more CORS headers, to allow credentials (#7153) 2015-05-06 10:05:03 +02:00			`response['Access-Control-Allow-Origin'] = origin`
			`response['Access-Control-Allow-Credentials'] = 'true'`
			`response['Access-Control-Allow-Headers'] = 'x-requested-with'`
send CORS AllowOrigin header when request's Origin header is from a service deployed by hobo (#6988) 2015-04-20 16:52:06 +02:00			`return response`