kennethreitz/httpbin
1
0
Fork 0
mirror of https://github.com/kennethreitz/httpbin.git synced 2026-06-05 23:00:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Access-Control-Allow-Credentials to All

Browse Source 
If you do a "simple" request, there will be no CORS preflight
OPTIONS request.  That means that Basic auth will fail over
CORS.  This adds the header to all requests, fixing the problem.

Closes #122
This commit is contained in:
Kevin McCarthy
2014-06-21 15:51:24 -10:00
parent f6d708ebe5
commit 320e994c30
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test_httpbin.py
+6
View File
@@ -66,6 +66,12 @@ class HttpbinTestCase(unittest.TestCase):
response.headers.get('Access-Control-Allow-Origin'), '*'
)
def test_set_cors_credentials_headers_after_auth_request(self):
response = self.app.get('/basic-auth/foo/bar')
self.assertEqual(
response.headers.get('Access-Control-Allow-Credentials'), 'true'
)
def test_set_cors_headers_after_request_with_request_origin(self):
response = self.app.get('/get', headers={'Origin': 'origin'})
self.assertEqual(