Skip to main content

WSGI for Cross Origin Resource Sharing (CORS)

Project description

wsgicors

This is a WSGI middleware that answers CORS preflight requests and adds the needed header to the response. For CORS see: http://www.w3.org/TR/cors/

Usage

Either plug it in programmatically as in this pyramid example:

def app(global_config, **settings):
    """ This function returns a WSGI application.

    It is usually called by the PasteDeploy framework during
    ``paster serve``.
    """

    def get_root(request):
        return {}

    config = Configurator(root_factory=get_root, settings=settings)
    config.begin()
    # whatever it takes to config your app goes here
    config.end()

    from wsgicors import CORS
    return CORS(config.make_wsgi_app(), headers="*", methods="*", maxage="180", origin="*")

or plug it into your wsgi pipeline via paste ini to let it serve by waitress for instance:

[app:myapp]
use = egg:mysuperapp#app

###
# wsgi server configuration
###

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543

[pipeline:main]
pipeline =
    cors
    myapp

[filter:cors]
use = egg:wsgicors#middleware
policy=free
free_origin=copy
free_headers=*
free_methods=*
free_maxage=180

Keywords are:

  • origin
  • headers
  • methods
  • credentials
  • maxage

for origin:

  • use copy which will copy whatever origin the request comes from
  • any other literal will be be copied verbatim (like * for instance to allow every source)

for headers:

  • use * which will allow whatever header is asked for
  • any other literal will be be copied verbatim (like * for instance to allow every source)

for methods:

  • use * which will allow whatever method is asked for
  • any other literal will be be copied verbatim (like POST, PATCH, PUT, DELETE for instance)

for credentials:

  • use true
  • anything else will be ignored (that is no response header for Access-Control-Allow-Credentials is sent)

for maxage:

  • give the number of seconds the answer can be used by a client, anything nonempty will be copied verbatim

As can be seen in the example above, a policy needs to be created with the policy keyword. The options need then be prefixed with the policy name and a _.

Changes

Version 0.2

  • Access-Control-Allow-Credentials is now returned in the actual reponse if specified by policy

Project details


Release history Release notifications

History Node

0.7.0

History Node

0.6.0

History Node

0.5.1

History Node

0.5.0

History Node

0.4.1

History Node

0.4

History Node

0.3

This version
History Node

0.2

History Node

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
wsgicors-0.2.tar.gz (3.8 kB) Copy SHA256 hash SHA256 Source None Feb 27, 2013

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page