Skip to main content

CORS support for Morepath

Project description

more.cors: CORS support for Morepath

This package adds CORS support to Morepath.

Quick start

Install more.cors:

$ pip install -U more.cors

Extend your App class from CORSApp:

from more.cors import CORSApp


class App(CORSApp):
    pass

This will add basic CORS support to your Morepath app.

Settings

more.cors provides settings in the ‘cors’ section. Here are the defaults:

@App.setting_section(section='cors')
def cors_settings():
    return {
        'allowed_verbs': ['GET', 'PUT', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],
        'allowed_origin': '*',
        'expose_headers': ['Content-Type', 'Authorization'],
        'allowed_headers': ['Content-Type', 'Authorization'],
        'max_age': 60,
        'allow_credentials': False
    }

The following settings are available:

allowed_verbs

A list of allowed HTTP request methods.

allowed_origin

A URI that may access the resource. For requests without credentials, “*” can be used as a wildcard, allowing any origin to access the resource.

expose_headers

A list of HTTP headers which can be exposed as part of the response.

allowed_headers

A list of HTTP headers which can be used during the actual request.

max_age

Maximum number of seconds the results of a preflight request can be cached.

allow_credentials

Boolean which indicates whether or not the actual request can be made using credentials. Credentials are cookies, authorization headers or TLS client certificates.

Specify CORS settings for a single view

more.cors exposes the App.cors() class method. This can be used to specify settings for a single view:

App.cors(
    model=Root,
    view_name='view2',
    allowed_headers=['Cache-Control'],
    expose_headers=['Cookie'],
    allowed_origin='http://foo.com',
    allow_credentials=True,
    max_age=10
)
model

Specifies the corresponding view model.

view_name

Is needed when you use a named view.

allowed_headers, expose_headers, allowed_origin, allow_credentials, max_age

The settings which can be specified. For details see Settings.

CHANGES

0.3 (2020-04-26)

  • Removed: Removed support for Python 2.

    You have to upgrade to Python 3 if you want to use this version.

  • Added support for Python 3.7 and 3.8 and PyPy 3.6.

  • Make Python 3.7 the default testing environment.

  • Add integration for the Black code formatter.

0.2 (2018-06-11)

  • Fix list of allowed verbs for failed (unauthorized) preflight (see PR #4).

0.1 (2018-06-08)

  • Initial public release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

more.cors-0.3.tar.gz (7.1 kB view hashes)

Uploaded Source

Built Distribution

more.cors-0.3-py2.py3-none-any.whl (7.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page