def apply_cors(request):
"""Second part of the cors function to validate."""
from plone.server import app_settings
headers = {}
origin = request.headers.get('Origin', None)
if origin:
if not any([fnmatch.fnmatchcase(origin, o)
for o in app_settings['cors']['allow_origin']]):
logger.error('Origin %s not allowed' % origin)
raise HTTPUnauthorized()
elif request.headers.get('Access-Control-Allow-Credentials', False):
headers['Access-Control-Allow-Origin', origin]
else:
if any([o == "*" for o in app_settings['cors']['allow_origin']]):
headers['Access-Control-Allow-Origin'] = '*'
else:
headers['Access-Control-Allow-Origin'] = origin
if request.headers.get(
'Access-Control-Request-Method', None) != 'OPTIONS':
if app_settings['cors']['allow_credentials']:
headers['Access-Control-Allow-Credentials'] = 'True'
if len(app_settings['cors']['allow_headers']):
headers['Access-Control-Expose-Headers'] = \
', '.join(app_settings['cors']['allow_headers'])
return headers
评论列表
文章目录
