Add Access-Control-Allow-Credentials to All

If you do a "simple" request, there will be no CORS preflight
OPTIONS request.  That means that Basic auth will fail over
CORS.  This adds the header to all requests, fixing the problem.

Closes #122
Kevin McCarthy
2014-06-21 15:51:24 -10:00
parent f6d708ebe5
commit 320e994c30
2 changed files with 9 additions and 1 deletions
+3 -1
@@ -51,9 +51,11 @@ app = Flask(__name__, template_folder=tmpl_dir)
@app.after_request
def set_cors_headers(response):
response.headers['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
response.headers['Access-Control-Allow-Credentials'] = 'true'
if request.method == 'OPTIONS':
response.headers['Access-Control-Allow-Credentials'] = 'true'
# Both of these headers are only used for the "preflight request"
# http://www.w3.org/TR/cors/#access-control-allow-methods-response-header
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
response.headers['Access-Control-Max-Age'] = '3600' # 1 hour cache
return response
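Review bot: With `Access-Control-Allow-Credentials: true` set unconditionally in `set_cors_headers` while `Access-Control-Allow-Origin` echoes whatever `Origin` the request carried, any site can read credentialed responses from this app in a visitor's browser. That is presumably acceptable for a request-echo test service, but it deserves a comment above the header line, e.g. `# Origin is reflected with credentials allowed on purpose; do not reuse this in an app that holds real user data.` Because the allowed origin now varies per request, the handler should also send `response.headers.add('Vary', 'Origin')` so a shared cache does not serve one origin's response to another. When no `Origin` header is present the fallback `'*'` combined with credentials is refused by browsers, so the pair only takes effect in the reflected case. The +/- markers are lost on this page, so which of the two Allow-Credentials lines is the new one is inferred from the commit message.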
+6
@@ -66,6 +66,12 @@ class HttpbinTestCase(unittest.TestCase):
response.headers.get('Access-Control-Allow-Origin'), '*'
)
def test_set_cors_credentials_headers_after_auth_request(self):
response = self.app.get('/basic-auth/foo/bar')
self.assertEqual(
response.headers.get('Access-Control-Allow-Credentials'), 'true'
)
def test_set_cors_headers_after_request_with_request_origin(self):
response = self.app.get('/get', headers={'Origin': 'origin'})
self.assertEqual(