Datasette plugin for configuring CORS headers

Project description

datasette-cors

Datasette plugin for configuring CORS headers, based on asgi-cors.

You can use this plugin to allow JavaScript running on an allowlisted set of domains to make fetch() calls to the JSON API provided by your Datasette instance.

Installation

datasette install datasette-cors

Configuration

You need to add some plugin configuration for this plugin to take effect.

To allowlist specific domains, use this:

{
    "plugins": {
        "datasette-cors": {
            "hosts": ["https://www.example.com"]
        }
    }
}

This affects the access-control-allow-origin header.

You can also allowlist host patterns like this:

{
    "plugins": {
        "datasette-cors": {
            "host_wildcards": ["https://*.example.com"]
        }
    }
}

To allow all origins, use:

{
    "plugins": {
        "datasette-cors": {
            "allow_all": true
        }
    }
}

This sets the access-control-allow-origin header to *.

You can specify allowed headers - with the access-control-allow-headers header - using the headers option:

{
    "plugins": {
        "datasette-cors": {
            "allow_all": true,
            "headers": ["Authorization", "Content-Type"]
        }
    }
}

To allow specific HTTP methods with the access-control-allow-methods header, use the methods option:

{
    "plugins": {
        "datasette-cors": {
            "allow_all": true,
            "methods": ["GET", "POST", "OPTIONS"]
        }
    }
}

You can set the access-control-max-age header using the max_age option:

{
    "plugins": {
        "datasette-cors": {
            "allow_all": true,
            "max_age": 3600
        }
    }
}

Testing it

To test this plugin out, run it locally by saving one of the above examples as metadata.json and running this:

datasette -m metadata.json

With Datasette 1.0 use -c config.json instead, or try this:

datasette -s plugins.datasette-cors.allow_all true

Now visit https://www.example.com/ in your browser, open the browser developer console and paste in the following:

fetch("http://127.0.0.1:8001/_memory.json?sql=select+sqlite_version%28%29").then(r => r.json()).then(console.log)

If the plugin is working correctly, you will see the JSON response output to the console.

Project details

Release history Release notifications | RSS feed

1.0.1

Apr 12, 2024

This version

1.0

Apr 8, 2024

0.3

Jul 11, 2019

0.2

Jul 8, 2019

0.1

Jul 7, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datasette-cors-1.0.tar.gz (6.6 kB view details)

Uploaded Apr 8, 2024 Source

Built Distribution

datasette_cors-1.0-py3-none-any.whl (7.0 kB view details)

Uploaded Apr 8, 2024 Python 3

File details

Details for the file datasette-cors-1.0.tar.gz.

File metadata

Download URL: datasette-cors-1.0.tar.gz
Upload date: Apr 8, 2024
Size: 6.6 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for datasette-cors-1.0.tar.gz
Algorithm	Hash digest
SHA256	`8ab9f240618f6dd228816c65bae5a975b6ee1dc796c7dec0c6cecc887d0691ff`
MD5	`ae90194ccf2e03c55c7b6d6d2ec1a194`
BLAKE2b-256	`f8aaff1596766fbaad9135493bc17a71a9f7e43e82b0cd7506ead7531e9cb406`

See more details on using hashes here.

File details

Details for the file datasette_cors-1.0-py3-none-any.whl.

File metadata

Download URL: datasette_cors-1.0-py3-none-any.whl
Upload date: Apr 8, 2024
Size: 7.0 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for datasette_cors-1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`1cffc74913140fec228a61889046452574f766dd5374d6c2f0faa55c2523ded3`
MD5	`4061158584327b5931e44efb4ec6b82d`
BLAKE2b-256	`2ede0503cd831ae2298d34f60bb6c14d9b9f1df0f7424fd5736e1723fd6fb6fb`