CORS preflight support for TiddlyWeb
Project description
A plugin for TiddlyWeb to support CORS pre-flight checks.
This is an experiment, with limited functionality. As test cases increase, functionality will increase.
To use add ‘tiddlywebplugins.cors’ to ‘system_plugins’ in tiddlywebconfig.py.
There are a few optional config settings:
If ‘cors.match_origin’ is True, then the value of the Origin header will be the value of the Access-Control-Allow-Origin header, on simple requests. On non-simple request, it always matches. If False the value is ‘*’ (on simple requests).
If ‘cors.allow_creds’ is True, then the Access-Control-Allow-Credentials header will be sent with a value of ‘true’, otherwise it will not be sent.
If ‘cors.exposed_headers’ is set, its should be a list of strings representing header names which are appended to the default Access-Control-Expose-Headers: ETag. This same list is used to set the default of Access-Control-Allow-Headers.
If ‘cors.enable_non_simple’ is True, preflight OPTIONS requests are handled. This defaults to False to avoid accidental exposure.
For authenticated cross-domain PUTs of resources the following config appears to be required:
‘cors.enable_non_simple’: True, ‘cors.allow_creds’: True, ‘cors.match_origin’: True,
The match_origin setting is required for the OPTIONS preflight requests to be handled effectively.
ToDo:
Blacklist/Whitelist processing of Access-Control-Request-Headers.
Auditing with someone else to confirm that this stuff is “correct”.
Refactoring of the two middlewares. There’s a fair bit of overlap. It could become just one that operates on both sides of the internal application, but I find that can be confusing.
Copyright 2012, Chris Dent <cdent@peermore.com>
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for tiddlywebplugins.cors-0.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2b639ef8c3b148778ff98a5c599d828bac14442bec39ccb68fbf1cc0d0649cca |
|
MD5 | 79d213dee3fe6556665ea4dc88d8e67f |
|
BLAKE2b-256 | ae359394bd6603b5a1ffa4e9b1eed317a464714056bd741335e6e0e75d3c58c1 |