If you do a "simple" request, there will be no CORS preflight
OPTIONS request. That means that Basic auth will fail over
CORS. This adds the header to all requests, fixing the problem.
Closes#122
The DELETE endpoint was missing form and files, so if you hit the
endpoint with data in the envelope and a Content-Type header set to
application/x-www-form-urlencoded, the data will disappear. Since RFC
2731 doesn't disallow content in the body of a DELETE request, let's
allow that data to pass through
Closes#143
Encoding of the received files and/or body data was failing in case of raw
binary data being POSTed/PUT/etc. (The exact trigger was actually a non-UTF-8
data stream, since Flask's `jsonify`, i.e. `simplejson.dumps` assumes UTF-8.)
Binary data in a JSON response are now encoded as "data" URLs, according to
RFC 2397. "Data" URL scheme was chosen for its simplicity and clarity. MIME
type is included. Plain text is passed thru unmodified, as before.
Also, tests demonstrating the bug/fix added to `test_httpbin.py`.
Kevin McCarthy