kopia lustrzana https://github.com/simonw/datasette
--cors Access-Control-Max-Age: 3600, closes #2079
Simon Willison
rodzic
9584879534
commit
b49fa446d6
|
|
@ -1141,6 +1141,7 @@ def add_cors_headers(headers):
|
|||
headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
|
||||
headers["Access-Control-Expose-Headers"] = "Link"
|
||||
headers["Access-Control-Allow-Methods"] = "GET, POST, HEAD, OPTIONS"
|
||||
headers["Access-Control-Max-Age"] = "3600"
|
||||
|
||||
|
||||
_TILDE_ENCODING_SAFE = frozenset(
|
||||
|
|
|
|||
|
|
@ -454,12 +454,28 @@ Enabling CORS
|
|||
-------------
|
||||
|
||||
If you start Datasette with the ``--cors`` option, each JSON endpoint will be
|
||||
served with the following additional HTTP headers::
|
||||
served with the following additional HTTP headers:
|
||||
|
||||
.. [[[cog
|
||||
from datasette.utils import add_cors_headers
|
||||
import textwrap
|
||||
headers = {}
|
||||
add_cors_headers(headers)
|
||||
output = "\n".join("{}: {}".format(k, v) for k, v in headers.items())
|
||||
cog.out("\n::\n\n")
|
||||
cog.out(textwrap.indent(output, ' '))
|
||||
cog.out("\n\n")
|
||||
.. ]]]
|
||||
|
||||
::
|
||||
|
||||
Access-Control-Allow-Origin: *
|
||||
Access-Control-Allow-Headers: Authorization, Content-Type
|
||||
Access-Control-Expose-Headers: Link
|
||||
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
|
||||
Access-Control-Max-Age: 3600
|
||||
|
||||
.. [[[end]]]
|
||||
|
||||
This allows JavaScript running on any domain to make cross-origin
|
||||
requests to interact with the Datasette API.
|
||||
|
|
|
|||
|
|
@ -941,6 +941,7 @@ def test_cors(
|
|||
assert (
|
||||
response.headers["Access-Control-Allow-Methods"] == "GET, POST, HEAD, OPTIONS"
|
||||
)
|
||||
assert response.headers["Access-Control-Max-Age"] == "3600"
|
||||
# Same request to app_client_two_attached_databases_one_immutable
|
||||
# should not have those headers - I'm using that fixture because
|
||||
# regular app_client doesn't have immutable fixtures.db which means
|
||||
|
|
@ -951,6 +952,7 @@ def test_cors(
|
|||
assert "Access-Control-Allow-Headers" not in response.headers
|
||||
assert "Access-Control-Expose-Headers" not in response.headers
|
||||
assert "Access-Control-Allow-Methods" not in response.headers
|
||||
assert "Access-Control-Max-Age" not in response.headers
|
||||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue