Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

CORS preflight support for TiddlyWeb

Project Description

A plugin for TiddlyWeb to support CORS pre-flight checks.

This is an experiment, with limited functionality. As test cases increase, functionality will increase.

To use add ‘tiddlywebplugins.cors’ to ‘system_plugins’ in

There are a few optional config settings:

If ‘cors.match_origin’ is True, then the value of the Origin header will be the value of the Access-Control-Allow-Origin header, on simple requests. On non-simple request, it always matches. If False the value is ‘*’ (on simple requests).

If ‘cors.allow_creds’ is True, then the Access-Control-Allow-Credentials header will be sent with a value of ‘true’, otherwise it will not be sent.

If ‘cors.exposed_headers’ is set, its should be a list of strings representing header names which are appended to the default Access-Control-Expose-Headers: ETag. This same list is used to set the default of Access-Control-Allow-Headers.

If ‘cors.enable_non_simple’ is True, preflight OPTIONS requests are handled. This defaults to False to avoid accidental exposure.

For authenticated cross-domain PUTs of resources the following config appears to be required:

‘cors.enable_non_simple’: True, ‘cors.allow_creds’: True, ‘cors.match_origin’: True,

The match_origin setting is required for the OPTIONS preflight requests to be handled effectively.


  • Blacklist/Whitelist processing of Access-Control-Request-Headers.
  • Auditing with someone else to confirm that this stuff is “correct”.
  • Refactoring of the two middlewares. There’s a fair bit of overlap. It could become just one that operates on both sides of the internal application, but I find that can be confusing.

Copyright 2012, Chris Dent <>

Release History

Release History

This version
History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
tiddlywebplugins.cors-0.3.tar.gz (9.4 kB) Copy SHA256 Checksum SHA256 Source Mar 26, 2014

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting