From 43ced62b4425b16c3537fdad8e375812ac2f01c2 Mon Sep 17 00:00:00 2001
From: derflocki
Date: Tue, 9 Sep 2014 21:26:25 +0200
Subject: [PATCH 1/3] support Access-Control-Request-Headers
---
 httpbin/core.py | 2 ++
 test_httpbin.py | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/httpbin/core.py b/httpbin/core.py
index 2e8774b..ca0b904 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
@@ -58,6 +58,8 @@ def set_cors_headers(response):
 # http://www.w3.org/TR/cors/#access-control-allow-methods-response-header
 response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
 response.headers['Access-Control-Max-Age'] = '3600' # 1 hour cache
+ if request.headers.get('Access-Control-Request-Headers', None) != None:
+ response.headers['Access-Control-Allow-Headers'] = request.headers.get('Access-Control-Request-Headers', "")
 return response
diff --git a/test_httpbin.py b/test_httpbin.py
index 8af40d8..8cb0cab 100755
--- a/test_httpbin.py
+++ b/test_httpbin.py
@@ -101,7 +101,11 @@ class HttpbinTestCase(unittest.TestCase):
 self.assertNotIn(
 'Access-Control-Allow-Headers', response.headers
 )
-
+ def test_set_cors_allow_headers(self):
+ response = self.app.open('/get', method='OPTIONS', headers={'Access-Control-Request-Headers': 'X-Test-Header'})
+ self.assertEqual(
+ response.headers.get('Access-Control-Allow-Headers'), 'X-Test-Header'
+ )
 def test_user_agent(self):
 response = self.app.get(
 '/user-agent', headers={'User-Agent': 'test'}
From e68741e1316909e6e59a5c31d45355510e76d826 Mon Sep 17 00:00:00 2001
From: derflocki
Date: Wed, 10 Sep 2014 08:20:51 +0200
Subject: [PATCH 2/3] cleaned up
---
 httpbin/core.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/httpbin/core.py b/httpbin/core.py
index ca0b904..7d8464e 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
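Review bot: The two lines added to `set_cors_headers` (patch 1/3, httpbin/core.py `@@ -58,6 +58,8 @@`) copy the client-supplied `Access-Control-Request-Headers` value verbatim into `Access-Control-Allow-Headers`, so the preflight approves whatever header list the caller names. That is equivalent to an allow-all header policy; it is presumably intended for a request-echo service, but nothing in the code says so. I would put a comment above the `if`, for example `# Echo the requested header names back: every header is deliberately allowed cross-origin; use a fixed allow-list if this is reused where responses are credentialed or sensitive.` The function starts before the hunk, so whether this branch runs only for OPTIONS requests, and which origin and credentials policy it is paired with, cannot be confirmed from the lines shown.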
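Review bot: `test_set_cors_allow_headers` (patch 1/3, test_httpbin.py `@@ -101,7 +101,11 @@`) replaces the blank line that separated the previous test from `test_user_agent`, so the new method has no blank line before or after it; keep one blank line on each side, as PEP 8 asks between methods. The test also exercises only a single header name; a second assertion with a comma-separated value such as `'X-Test-Header, X-Other-Header'` (constructed example) would pin that the whole list is echoed unchanged. The enclosing class begins and ends outside the hunk.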
@@ -58,8 +58,8 @@ def set_cors_headers(response):
 # http://www.w3.org/TR/cors/#access-control-allow-methods-response-header
 response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
 response.headers['Access-Control-Max-Age'] = '3600' # 1 hour cache
- if request.headers.get('Access-Control-Request-Headers', None) != None:
- response.headers['Access-Control-Allow-Headers'] = request.headers.get('Access-Control-Request-Headers', "")
+ if request.headers.get('Access-Control-Request-Headers') is not None:
+ response.headers['Access-Control-Allow-Headers'] = request.headers.get('Access-Control-Request-Headers')
 return response
From 4554150ff9eb5ed9d630616f2e2d1aeaf480196e Mon Sep 17 00:00:00 2001
From: derflocki
Date: Thu, 11 Sep 2014 20:24:10 +0200
Subject: [PATCH 3/3] got rid of unnecessary .get call
---
 httpbin/core.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/httpbin/core.py b/httpbin/core.py
index 7d8464e..cc856e0 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
@@ -59,7 +59,7 @@ def set_cors_headers(response):
 response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
 response.headers['Access-Control-Max-Age'] = '3600' # 1 hour cache
 if request.headers.get('Access-Control-Request-Headers') is not None:
- response.headers['Access-Control-Allow-Headers'] = request.headers.get('Access-Control-Request-Headers')
+ response.headers['Access-Control-Allow-Headers'] = request.headers['Access-Control-Request-Headers']
 return response
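Review bot: After patch 3/3 (`@@ -59,7 +59,7 @@`) the header is still looked up twice, once in the `if` and once in the assignment, and the `is not None` test treats an empty `Access-Control-Request-Headers` as present, which would emit an empty `Access-Control-Allow-Headers`. Binding the value once reads more clearly and skips the empty case: `requested = request.headers.get('Access-Control-Request-Headers')`, then `if requested:` and `response.headers['Access-Control-Allow-Headers'] = requested`. The same condition appears in the patch 2/3 hunk. The body of `set_cors_headers` starts before the hunk.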