kopia lustrzana https://github.com/simonw/datasette
--cors Access-Control-Max-Age: 3600, closes #2079
rodzic
9584879534
commit
b49fa446d6
|
@ -1141,6 +1141,7 @@ def add_cors_headers(headers):
|
||||||
headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
|
headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
|
||||||
headers["Access-Control-Expose-Headers"] = "Link"
|
headers["Access-Control-Expose-Headers"] = "Link"
|
||||||
headers["Access-Control-Allow-Methods"] = "GET, POST, HEAD, OPTIONS"
|
headers["Access-Control-Allow-Methods"] = "GET, POST, HEAD, OPTIONS"
|
||||||
|
headers["Access-Control-Max-Age"] = "3600"
|
||||||
|
|
||||||
|
|
||||||
_TILDE_ENCODING_SAFE = frozenset(
|
_TILDE_ENCODING_SAFE = frozenset(
|
||||||
|
|
|
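Review bot: The added `headers["Access-Control-Max-Age"] = "3600"` line in add_cors_headers has no comment stating the unit or what the value implies operationally. The value is in seconds, so a browser may reuse a cached preflight result for up to an hour; if the allowed methods or headers are later narrowed, clients holding a cached preflight can keep sending the previously permitted requests without re-checking until it expires. I would add a comment above the line such as `# Seconds a browser may cache the preflight result; CORS policy changes can lag by up to this long`, and consider a named module-level constant so the test and the docs do not repeat the literal. The function begins above the hunk, so whether it also runs for non-OPTIONS responses, where this header has no effect, cannot be confirmed from here.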
@ -454,12 +454,28 @@ Enabling CORS
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
If you start Datasette with the ``--cors`` option, each JSON endpoint will be
|
If you start Datasette with the ``--cors`` option, each JSON endpoint will be
|
||||||
served with the following additional HTTP headers::
|
served with the following additional HTTP headers:
|
||||||
|
|
||||||
|
.. [[[cog
|
||||||
|
from datasette.utils import add_cors_headers
|
||||||
|
import textwrap
|
||||||
|
headers = {}
|
||||||
|
add_cors_headers(headers)
|
||||||
|
output = "\n".join("{}: {}".format(k, v) for k, v in headers.items())
|
||||||
|
cog.out("\n::\n\n")
|
||||||
|
cog.out(textwrap.indent(output, ' '))
|
||||||
|
cog.out("\n\n")
|
||||||
|
.. ]]]
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
Access-Control-Allow-Origin: *
|
Access-Control-Allow-Origin: *
|
||||||
Access-Control-Allow-Headers: Authorization, Content-Type
|
Access-Control-Allow-Headers: Authorization, Content-Type
|
||||||
Access-Control-Expose-Headers: Link
|
Access-Control-Expose-Headers: Link
|
||||||
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
|
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
|
||||||
|
Access-Control-Max-Age: 3600
|
||||||
|
|
||||||
|
.. [[[end]]]
|
||||||
|
|
||||||
This allows JavaScript running on any domain to make cross-origin
|
This allows JavaScript running on any domain to make cross-origin
|
||||||
requests to interact with the Datasette API.
|
requests to interact with the Datasette API.
|
||||||
|
|
|
@ -941,6 +941,7 @@ def test_cors(
|
||||||
assert (
|
assert (
|
||||||
response.headers["Access-Control-Allow-Methods"] == "GET, POST, HEAD, OPTIONS"
|
response.headers["Access-Control-Allow-Methods"] == "GET, POST, HEAD, OPTIONS"
|
||||||
)
|
)
|
||||||
|
assert response.headers["Access-Control-Max-Age"] == "3600"
|
||||||
# Same request to app_client_two_attached_databases_one_immutable
|
# Same request to app_client_two_attached_databases_one_immutable
|
||||||
# should not have those headers - I'm using that fixture because
|
# should not have those headers - I'm using that fixture because
|
||||||
# regular app_client doesn't have immutable fixtures.db which means
|
# regular app_client doesn't have immutable fixtures.db which means
|
||||||
|
@ -951,6 +952,7 @@ def test_cors(
|
||||||
assert "Access-Control-Allow-Headers" not in response.headers
|
assert "Access-Control-Allow-Headers" not in response.headers
|
||||||
assert "Access-Control-Expose-Headers" not in response.headers
|
assert "Access-Control-Expose-Headers" not in response.headers
|
||||||
assert "Access-Control-Allow-Methods" not in response.headers
|
assert "Access-Control-Allow-Methods" not in response.headers
|
||||||
|
assert "Access-Control-Max-Age" not in response.headers
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize(
|
@pytest.mark.parametrize(
|
||||||
|
|
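Review bot: Both added assertions in test_cors check Access-Control-Max-Age on the response the test already fetches, and the visible lines do not show an OPTIONS preflight being exercised; test_cors starts above these hunks, so this is inferred. Browsers act on this header only in preflight responses, so the behaviour that matters is better pinned by repeating `assert response.headers["Access-Control-Max-Age"] == "3600"` against an OPTIONS request to the same path. The second hunk's `assert "Access-Control-Max-Age" not in response.headers` is a sound negative check for the fixture that should not send CORS headers and is worth keeping.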