Use header Origin in response headers when available

Since the RFC [1] doesn't allow wildcards for credentialed requests,
echo the request's Origin header value in the response headers.

[1] https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS#Requests_with_credentials
Rodrigo Chacon
2013-01-31 02:43:42 -02:00
committed by Rodrigo Chacon
parent 3f45aba2af
commit e3cd47d0e2
2 changed files with 6 additions and 1 deletions
+2 -1
@@ -43,7 +43,8 @@ sentry = Sentry(app)
# -----------
@app.after_request
def set_cors_headers(response):
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Origin'] = request.headers.get('Origin', '*')
if request.method == 'OPTIONS':
response.headers['Access-Control-Allow-Credentials'] = 'true'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, OPTIONS'
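Review bot: The new assignment `request.headers.get('Origin', '*')` echoes whatever Origin the caller sends, with no allowlist, and the same function also emits `Access-Control-Allow-Credentials: true`, so any site can read credentialed responses from this app. If that is intended for this service, say so in a comment above the line, for example `# Deliberately reflects any Origin: this app holds no per-user secrets`; otherwise compare the value against a configured set of origins before echoing it. Because the header value now depends on the request, the response should also carry `response.headers.add('Vary', 'Origin')` so a shared cache cannot serve one origin's header to another. The page has lost indentation, so whether the credentials header sits inside the `OPTIONS` branch cannot be confirmed from here, and the function body continues past the end of the hunk.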
+4
@@ -45,6 +45,10 @@ class HttpbinTestCase(unittest.TestCase):
response = self.app.get('/get')
self.assertEquals(response.headers.get('Access-Control-Allow-Origin'), '*')
def test_set_cors_headers_after_request_with_request_origin(self):
response = self.app.get('/get', headers={'Origin': 'origin'})
self.assertEquals(response.headers.get('Access-Control-Allow-Origin'), 'origin')
def test_set_cors_headers_with_options_verb(self):
response = self.app.open('/get', method='OPTIONS')
self.assertEquals(response.headers.get('Access-Control-Allow-Origin'), '*')
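Review bot: The added test `test_set_cors_headers_after_request_with_request_origin` checks the echoed origin only for a GET, so the preflight path is never exercised with an `Origin` header, and no test asserts `Access-Control-Allow-Credentials` next to the echoed value. A sibling test could call `self.app.open('/get', method='OPTIONS', headers={'Origin': 'http://example.test'})` and assert both headers. The existing `'origin'` literal is not a well-formed origin; a constructed scheme-plus-host value such as `'http://example.test'` would keep the test meaningful if origin validation is added later.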