Skip to content

Cors request

Cross-Origin Resource Sharing (CORS) handler for odin-control.

This module implements a simple handler to respond to CORS preflight requests from clients, allowing CORS requests to be made to API handlers.

Tim Nicholls, STFC Detector Systems Software Group.

CorsRequestHandler

Bases: RequestHandler

Handler to respond to CORS requests.

This handler responds to HTTP OPTIONS requests and sets the appropriate headers to allow CORS requests from the specified origin. This class is intended to be used as a base class for API handlers to allow CORS requests to be made to API endpoints.

Source code in src/odin_control/http/handlers/cors_request.py 
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
class CorsRequestHandler(RequestHandler):
    """Handler to respond to CORS requests.

    This handler responds to HTTP OPTIONS requests and sets the appropriate headers to allow CORS
    requests from the specified origin. This class is intended to be used as a base class for API
    handlers to allow CORS requests to be made to API endpoints.
    """

    def __init__(self, *args, **kwargs):
        """Construct the CorsRequestHandler object.

        This method constructs the CorsRequestHandler object, calling the superclass constructor and
        setting the route object to None.
        """
        self.route = None
        super().__init__(*args, **kwargs)

    def initialize(self, route, enable_cors, cors_origin):
        """Initialize the CorsRequestHandler object.

        :param route: ApiRoute object calling the handler (allows adapters to be resolved)
        :param enable_cors: enable CORS support by setting appropriate headers
        :param cors_origin: allowed origin for CORS requests
        """
        self.route = route
        if enable_cors:
            self.set_header("Access-Control-Allow-Origin", cors_origin)
            self.set_header("Access-Control-Allow-Headers", "x-requested-with,content-type")
            self.set_header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")

    def options(self, *_):
        """Handle an OPTIONS request.

        This method handles an OPTION request and is provided to allow browser clients to employ
        CORS preflight requests to determine if non-simple requests are allowed.

        :param _: unused arguments passed to the method by the URI matching in the handler
        """
        # Set status to indicate successful request with no content returned
        self.set_status(204)

__init__(*args, **kwargs)

Construct the CorsRequestHandler object.

This method constructs the CorsRequestHandler object, calling the superclass constructor and setting the route object to None.

Source code in src/odin_control/http/handlers/cors_request.py 
19
20
21
22
23
24
25
26
def __init__(self, *args, **kwargs):
    """Construct the CorsRequestHandler object.

    This method constructs the CorsRequestHandler object, calling the superclass constructor and
    setting the route object to None.
    """
    self.route = None
    super().__init__(*args, **kwargs)

initialize(route, enable_cors, cors_origin)

Initialize the CorsRequestHandler object.

Parameters:

Name Type Description Default
route

ApiRoute object calling the handler (allows adapters to be resolved)

 required
enable_cors

enable CORS support by setting appropriate headers

 required
cors_origin

allowed origin for CORS requests

 required
Source code in src/odin_control/http/handlers/cors_request.py 
28
29
30
31
32
33
34
35
36
37
38
39
def initialize(self, route, enable_cors, cors_origin):
    """Initialize the CorsRequestHandler object.

    :param route: ApiRoute object calling the handler (allows adapters to be resolved)
    :param enable_cors: enable CORS support by setting appropriate headers
    :param cors_origin: allowed origin for CORS requests
    """
    self.route = route
    if enable_cors:
        self.set_header("Access-Control-Allow-Origin", cors_origin)
        self.set_header("Access-Control-Allow-Headers", "x-requested-with,content-type")
        self.set_header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")

options(*_)

Handle an OPTIONS request.

This method handles an OPTION request and is provided to allow browser clients to employ CORS preflight requests to determine if non-simple requests are allowed.

Parameters:

Name Type Description Default
_

unused arguments passed to the method by the URI matching in the handler

 ()
Source code in src/odin_control/http/handlers/cors_request.py 
41
42
43
44
45
46
47
48
49
50
def options(self, *_):
    """Handle an OPTIONS request.

    This method handles an OPTION request and is provided to allow browser clients to employ
    CORS preflight requests to determine if non-simple requests are allowed.

    :param _: unused arguments passed to the method by the URI matching in the handler
    """
    # Set status to indicate successful request with no content returned
    self.set_status(204)