kopia lustrzana https://github.com/simonw/datasette
--cors Access-Control-Allow-Headers: Authorization
Refs #1467, refs https://github.com/simonw/datasette-auth-tokens/issues/4
pull/1494/head
rodzic
0fdbf00484
commit
8584993529
|
@ -46,6 +46,7 @@ from .database import Database, QueryInterrupted
|
||||||
from .utils import (
|
from .utils import (
|
||||||
PrefixedUrlString,
|
PrefixedUrlString,
|
||||||
StartupError,
|
StartupError,
|
||||||
|
add_cors_headers,
|
||||||
async_call_with_supported_arguments,
|
async_call_with_supported_arguments,
|
||||||
await_me_maybe,
|
await_me_maybe,
|
||||||
call_with_supported_arguments,
|
call_with_supported_arguments,
|
||||||
|
@ -1321,7 +1322,7 @@ class DatasetteRouter:
|
||||||
)
|
)
|
||||||
headers = {}
|
headers = {}
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(headers)
|
||||||
if request.path.split("?")[0].endswith(".json"):
|
if request.path.split("?")[0].endswith(".json"):
|
||||||
await asgi_send_json(send, info, status=status, headers=headers)
|
await asgi_send_json(send, info, status=status, headers=headers)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -1089,3 +1089,8 @@ async def derive_named_parameters(db, sql):
|
||||||
return [row["p4"].lstrip(":") for row in results if row["opcode"] == "Variable"]
|
return [row["p4"].lstrip(":") for row in results if row["opcode"] == "Variable"]
|
||||||
except sqlite3.DatabaseError:
|
except sqlite3.DatabaseError:
|
||||||
return possible_params
|
return possible_params
|
||||||
|
|
||||||
|
|
||||||
|
def add_cors_headers(headers):
|
||||||
|
headers["Access-Control-Allow-Origin"] = "*"
|
||||||
|
headers["Access-Control-Allow-Headers"] = "Authorization"
|
||||||
|
|
|
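Review bot: `add_cors_headers` has no docstring, yet it is now the single place where the `--cors` policy is defined, so the security consequence belongs there. With `Access-Control-Allow-Origin: *` plus `Access-Control-Allow-Headers: Authorization`, script on any origin may send a token in an `Authorization` header to this instance and read the response. I would add a docstring such as `"""Set the --cors headers on *headers* in place: any origin may read responses and may send an Authorization header."""`. The helper sets no `Access-Control-Allow-Credentials`, which keeps cookie-based sessions out of cross-origin requests; a comment stating that this omission is deliberate would guard against a later edit adding it alongside the wildcard origin.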
@ -11,6 +11,7 @@ import pint
|
||||||
from datasette import __version__
|
from datasette import __version__
|
||||||
from datasette.database import QueryInterrupted
|
from datasette.database import QueryInterrupted
|
||||||
from datasette.utils import (
|
from datasette.utils import (
|
||||||
|
add_cors_headers,
|
||||||
await_me_maybe,
|
await_me_maybe,
|
||||||
EscapeHtmlWriter,
|
EscapeHtmlWriter,
|
||||||
InvalidSql,
|
InvalidSql,
|
||||||
|
@ -163,7 +164,7 @@ class DataView(BaseView):
|
||||||
async def options(self, request, *args, **kwargs):
|
async def options(self, request, *args, **kwargs):
|
||||||
r = Response.text("ok")
|
r = Response.text("ok")
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
r.headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(r.headers)
|
||||||
return r
|
return r
|
||||||
|
|
||||||
def redirect(self, request, path, forward_querystring=True, remove_args=None):
|
def redirect(self, request, path, forward_querystring=True, remove_args=None):
|
||||||
|
@ -174,7 +175,7 @@ class DataView(BaseView):
|
||||||
r = Response.redirect(path)
|
r = Response.redirect(path)
|
||||||
r.headers["Link"] = f"<{path}>; rel=preload"
|
r.headers["Link"] = f"<{path}>; rel=preload"
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
r.headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(r.headers)
|
||||||
return r
|
return r
|
||||||
|
|
||||||
async def data(self, request, database, hash, **kwargs):
|
async def data(self, request, database, hash, **kwargs):
|
||||||
|
@ -417,7 +418,7 @@ class DataView(BaseView):
|
||||||
|
|
||||||
headers = {}
|
headers = {}
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(headers)
|
||||||
if request.args.get("_dl", None):
|
if request.args.get("_dl", None):
|
||||||
if not trace:
|
if not trace:
|
||||||
content_type = "text/csv; charset=utf-8"
|
content_type = "text/csv; charset=utf-8"
|
||||||
|
@ -643,5 +644,5 @@ class DataView(BaseView):
|
||||||
response.headers["Cache-Control"] = ttl_header
|
response.headers["Cache-Control"] = ttl_header
|
||||||
response.headers["Referrer-Policy"] = "no-referrer"
|
response.headers["Referrer-Policy"] = "no-referrer"
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
response.headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(response.headers)
|
||||||
return response
|
return response
|
||||||
|
|
|
@ -8,6 +8,7 @@ from urllib.parse import parse_qsl, urlencode
|
||||||
import markupsafe
|
import markupsafe
|
||||||
|
|
||||||
from datasette.utils import (
|
from datasette.utils import (
|
||||||
|
add_cors_headers,
|
||||||
await_me_maybe,
|
await_me_maybe,
|
||||||
check_visibility,
|
check_visibility,
|
||||||
derive_named_parameters,
|
derive_named_parameters,
|
||||||
|
@ -176,7 +177,7 @@ class DatabaseDownload(DataView):
|
||||||
filepath = db.path
|
filepath = db.path
|
||||||
headers = {}
|
headers = {}
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(headers)
|
||||||
headers["Transfer-Encoding"] = "chunked"
|
headers["Transfer-Encoding"] = "chunked"
|
||||||
return AsgiFileDownload(
|
return AsgiFileDownload(
|
||||||
filepath,
|
filepath,
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import hashlib
|
import hashlib
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from datasette.utils import check_visibility, CustomJSONEncoder
|
from datasette.utils import add_cors_headers, check_visibility, CustomJSONEncoder
|
||||||
from datasette.utils.asgi import Response
|
from datasette.utils.asgi import Response
|
||||||
from datasette.version import __version__
|
from datasette.version import __version__
|
||||||
|
|
||||||
|
@ -129,7 +129,7 @@ class IndexView(BaseView):
|
||||||
if as_format:
|
if as_format:
|
||||||
headers = {}
|
headers = {}
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(headers)
|
||||||
return Response(
|
return Response(
|
||||||
json.dumps({db["name"]: db for db in databases}, cls=CustomJSONEncoder),
|
json.dumps({db["name"]: db for db in databases}, cls=CustomJSONEncoder),
|
||||||
content_type="application/json; charset=utf-8",
|
content_type="application/json; charset=utf-8",
|
||||||
|
|
|
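Review bot: `IndexView` derives from `BaseView`, while the only OPTIONS handler visible in this commit is `DataView.options`. If `BaseView` does not answer OPTIONS with these headers, a browser preflight for the index JSON will fail and the newly allowed `Authorization` header cannot be used there. The same applies to `JsonDataView` in the next file section. It is worth confirming how `BaseView` dispatches OPTIONS and, if it rejects the method, moving `options` up to `BaseView`. The enclosing method starts and ends outside the hunk.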
@ -1,6 +1,6 @@
|
||||||
import json
|
import json
|
||||||
from datasette.utils.asgi import Response, Forbidden
|
from datasette.utils.asgi import Response, Forbidden
|
||||||
from datasette.utils import actor_matches_allow
|
from datasette.utils import actor_matches_allow, add_cors_headers
|
||||||
from .base import BaseView
|
from .base import BaseView
|
||||||
import secrets
|
import secrets
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ class JsonDataView(BaseView):
|
||||||
if as_format:
|
if as_format:
|
||||||
headers = {}
|
headers = {}
|
||||||
if self.ds.cors:
|
if self.ds.cors:
|
||||||
headers["Access-Control-Allow-Origin"] = "*"
|
add_cors_headers(headers)
|
||||||
return Response(
|
return Response(
|
||||||
json.dumps(data),
|
json.dumps(data),
|
||||||
content_type="application/json; charset=utf-8",
|
content_type="application/json; charset=utf-8",
|
||||||
|
|
|
@ -1955,7 +1955,8 @@ def test_trace(trace_debug):
|
||||||
def test_cors(app_client_with_cors, path, status_code):
|
def test_cors(app_client_with_cors, path, status_code):
|
||||||
response = app_client_with_cors.get(path)
|
response = app_client_with_cors.get(path)
|
||||||
assert response.status == status_code
|
assert response.status == status_code
|
||||||
assert "*" == response.headers["Access-Control-Allow-Origin"]
|
assert response.headers["Access-Control-Allow-Origin"] == "*"
|
||||||
|
assert response.headers["Access-Control-Allow-Headers"] == "Authorization"
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize(
|
@pytest.mark.parametrize(
|
||||||
|
|
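Review bot: The new `Access-Control-Allow-Headers` assertion in `test_cors` is made only on GET responses, but browsers read that header from the preflight (OPTIONS) response before sending a request that carries `Authorization`. A case that issues an OPTIONS request to the same paths and asserts both headers would cover the path this change exists for. The parametrize list for this test lies outside the hunk, so which paths are exercised cannot be seen here.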