Skip to main content

CORS preflight support for TiddlyWeb

Project description

A plugin for TiddlyWeb to support CORS pre-flight checks.

This is an experiment, with limited functionality. As test cases increase, functionality will increase.

To use add ‘tiddlywebplugins.cors’ to ‘system_plugins’ in

There are a few optional config settings:

If ‘cors.match_origin’ is True, then the value of the Origin header will be the value of the Access-Control-Allow-Origin header, on simple requests. On non-simple request, it always matches. If False the value is ‘*’ (on simple requests).

If ‘cors.allow_creds’ is True, then the Access-Control-Allow-Credentials header will be sent with a value of ‘true’, otherwise it will not be sent.

If ‘cors.exposed_headers’ is set, its should be a list of strings representing header names which are appended to the default Access-Control-Expose-Headers: ETag. This same list is used to set the default of Access-Control-Allow-Headers.

If ‘cors.enable_non_simple’ is True, preflight OPTIONS requests are handled. This defaults to False to avoid accidental exposure.

For authenticated cross-domain PUTs of resources the following config appears to be required:

‘cors.enable_non_simple’: True, ‘cors.allow_creds’: True, ‘cors.match_origin’: True,

The match_origin setting is required for the OPTIONS preflight requests to be handled effectively.


  • Blacklist/Whitelist processing of Access-Control-Request-Headers.
  • Auditing with someone else to confirm that this stuff is “correct”.
  • Refactoring of the two middlewares. There’s a fair bit of overlap. It could become just one that operates on both sides of the internal application, but I find that can be confusing.

Copyright 2012, Chris Dent <>

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for tiddlywebplugins.cors, version 0.3
Filename, size File type Python version Upload date Hashes
Filename, size tiddlywebplugins.cors-0.3.tar.gz (9.4 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page