| 12345678910111213141516171819202122232425262728293031323334 |
- __package__ = 'archivebox.api'
- from django.http import HttpResponse
- class ApiCorsMiddleware:
- """Attach permissive CORS headers for API routes (token-based auth)."""
- def __init__(self, get_response):
- self.get_response = get_response
- def __call__(self, request):
- if request.path.startswith('/api/'):
- if request.method == 'OPTIONS' and request.META.get('HTTP_ACCESS_CONTROL_REQUEST_METHOD'):
- response = HttpResponse(status=204)
- return self._add_cors_headers(request, response)
- response = self.get_response(request)
- return self._add_cors_headers(request, response)
- return self.get_response(request)
- def _add_cors_headers(self, request, response):
- origin = request.META.get('HTTP_ORIGIN')
- if not origin:
- return response
- response['Access-Control-Allow-Origin'] = '*'
- response['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
- response['Access-Control-Allow-Headers'] = (
- 'Authorization, X-ArchiveBox-API-Key, Content-Type, X-CSRFToken'
- )
- response['Access-Control-Max-Age'] = '600'
- return response
|
