def crossdomain(origin=None, methods=None, headers=None,
max_age=21600, attach_to_all=True,
automatic_options=True):
# join the parameters with comma
# get the value of http header 'Access-Control-Allow-Methods'
if methods is not None:
methods = ', '.join(sorted(x.upper() for x in methods))
# get the value of http header 'Access-Control-Allow-Headers'
if headers is not None and not isinstance(headers, str):
headers = ', '.join(x.upper() for x in headers)
# get the value of http header 'Access-Control-Allow-Origin'
if not isinstance(origin, str):
origin = ', '.join(origin)
# get the value of http header 'Access-Control-Max-Age'
if isinstance(max_age, timedelta):
max_age = max_age.total_seconds()
def get_methods():
if methods is not None:
return methods
# if not provided, make the default response options, which will allow all methods that are implemented.
options_resp = current_app.make_default_options_response()
return options_resp.headers['allow']
def decorator(f):
def wrapped_function(*args, **kwargs):
# if enabled the decorator will use the default Flask OPTIONS response and attach the headers there,
# otherwise the view function will be called to generate an appropriate response.
if automatic_options and request.method == 'OPTIONS':
resp = current_app.make_default_options_response()
else:
resp = make_response(f(*args, **kwargs))
if not attach_to_all and request.method != 'OPTIONS':
return resp
h = resp.headers
h['Access-Control-Allow-Origin'] = origin
h['Access-Control-Allow-Methods'] = get_methods()
h['Access-Control-Max-Age'] = str(max_age)
if headers is not None:
h['Access-Control-Allow-Headers'] = headers
return resp
f.provide_automatic_options = False
return update_wrapper(wrapped_function, f)
return decorator
评论列表
文章目录