django-cors-headers-1.1.0/0000775000076500007650000000000012443624106013442 5ustar basbasdjango-cors-headers-1.1.0/setup.py0000775000076500007650000000263212373036762015171 0ustar basbasfrom corsheaders import __version__ from setuptools import setup setup( name='django-cors-headers', version=__version__, description='django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS).', author='Otto Yiu', author_email='otto@live.ca', url='https://github.com/ottoyiu/django-cors-headers', packages=['corsheaders'], license='MIT License', keywords='django cors middleware rest api', platforms=['any'], classifiers=[ 'Development Status :: 5 - Production/Stable', 'Environment :: Web Environment', 'Framework :: Django', 'Intended Audience :: Developers', 'License :: OSI Approved :: MIT License', 'Operating System :: OS Independent', 'Programming Language :: Python', 'Programming Language :: Python :: 2', 'Programming Language :: Python :: 2.6', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.2', 'Programming Language :: Python :: 3.3', 'Programming Language :: Python :: 3.4', 'Topic :: Software Development :: Libraries :: Application Frameworks', 'Topic :: Software Development :: Libraries :: Python Modules', ], install_requires=[], tests_require=['mock >= 1.0'], test_suite='tests.main', ) django-cors-headers-1.1.0/django_cors_headers.egg-info/0000775000076500007650000000000012443624106021117 5ustar basbasdjango-cors-headers-1.1.0/django_cors_headers.egg-info/SOURCES.txt0000664000076500007650000000045112443624106023003 0ustar basbassetup.py corsheaders/__init__.py corsheaders/defaults.py corsheaders/middleware.py corsheaders/models.py corsheaders/tests.py django_cors_headers.egg-info/PKG-INFO django_cors_headers.egg-info/SOURCES.txt django_cors_headers.egg-info/dependency_links.txt django_cors_headers.egg-info/top_level.txtdjango-cors-headers-1.1.0/django_cors_headers.egg-info/top_level.txt0000664000076500007650000000001412443624106023644 0ustar basbascorsheaders django-cors-headers-1.1.0/django_cors_headers.egg-info/dependency_links.txt0000664000076500007650000000000112443624106025165 0ustar basbas django-cors-headers-1.1.0/django_cors_headers.egg-info/PKG-INFO0000664000076500007650000000227712443624106022224 0ustar basbasMetadata-Version: 1.0 Name: django-cors-headers Version: 1.1.0 Summary: django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS). Home-page: https://github.com/ottoyiu/django-cors-headers Author: Otto Yiu Author-email: otto@live.ca License: MIT License Description: UNKNOWN Keywords: django cors middleware rest api Platform: any Classifier: Development Status :: 5 - Production/Stable Classifier: Environment :: Web Environment Classifier: Framework :: Django Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: MIT License Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 2.6 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.2 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks Classifier: Topic :: Software Development :: Libraries :: Python Modules django-cors-headers-1.1.0/corsheaders/0000775000076500007650000000000012443624106015744 5ustar basbasdjango-cors-headers-1.1.0/corsheaders/middleware.py0000775000076500007650000001302712443623065020444 0ustar basbasimport re from django import http try: from urlparse import urlparse except ImportError: from urllib.parse import urlparse try: from django.apps import apps get_model = apps.get_model except ImportError: from django.db.models.loading import get_model from corsheaders import defaults as settings ACCESS_CONTROL_ALLOW_ORIGIN = 'Access-Control-Allow-Origin' ACCESS_CONTROL_EXPOSE_HEADERS = 'Access-Control-Expose-Headers' ACCESS_CONTROL_ALLOW_CREDENTIALS = 'Access-Control-Allow-Credentials' ACCESS_CONTROL_ALLOW_HEADERS = 'Access-Control-Allow-Headers' ACCESS_CONTROL_ALLOW_METHODS = 'Access-Control-Allow-Methods' ACCESS_CONTROL_MAX_AGE = 'Access-Control-Max-Age' class CorsPostCsrfMiddleware(object): def _https_referer_replace_reverse(self, request): """ Put the HTTP_REFERER back to its original value and delete the temporary storage """ if (settings.CORS_REPLACE_HTTPS_REFERER and 'ORIGINAL_HTTP_REFERER' in request.META): http_referer = request.META['ORIGINAL_HTTP_REFERER'] request.META['HTTP_REFERER'] = http_referer del request.META['ORIGINAL_HTTP_REFERER'] def process_request(self, request): self._https_referer_replace_reverse(request) return None def process_view(self, request, callback, callback_args, callback_kwargs): self._https_referer_replace_reverse(request) return None class CorsMiddleware(object): def _https_referer_replace(self, request): """ When https is enabled, django CSRF checking includes referer checking which breaks when using CORS. This function updates the HTTP_REFERER header to make sure it matches HTTP_HOST, provided that our cors logic succeeds """ origin = request.META.get('HTTP_ORIGIN') if (request.is_secure() and origin and 'ORIGINAL_HTTP_REFERER' not in request.META): url = urlparse(origin) if (not settings.CORS_ORIGIN_ALLOW_ALL and self.origin_not_found_in_white_lists(origin, url)): return try: http_referer = request.META['HTTP_REFERER'] http_host = "https://%s/" % request.META['HTTP_HOST'] request.META = request.META.copy() request.META['ORIGINAL_HTTP_REFERER'] = http_referer request.META['HTTP_REFERER'] = http_host except KeyError: pass def process_request(self, request): """ If CORS preflight header, then create an empty body response (200 OK) and return it Django won't bother calling any other request view/exception middleware along with the requested view; it will call any response middlewares """ if self.is_enabled(request) and settings.CORS_REPLACE_HTTPS_REFERER: self._https_referer_replace(request) if (self.is_enabled(request) and request.method == 'OPTIONS' and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in request.META): response = http.HttpResponse() return response return None def process_view(self, request, callback, callback_args, callback_kwargs): """ Do the referer replacement here as well """ if self.is_enabled(request) and settings.CORS_REPLACE_HTTPS_REFERER: self._https_referer_replace(request) return None def process_response(self, request, response): """ Add the respective CORS headers """ origin = request.META.get('HTTP_ORIGIN') if self.is_enabled(request) and origin: # todo: check hostname from db instead url = urlparse(origin) if settings.CORS_MODEL is not None: model = get_model(*settings.CORS_MODEL.split('.')) if model.objects.filter(cors=url.netloc).exists(): response[ACCESS_CONTROL_ALLOW_ORIGIN] = origin if (not settings.CORS_ORIGIN_ALLOW_ALL and self.origin_not_found_in_white_lists(origin, url)): return response response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*" if ( settings.CORS_ORIGIN_ALLOW_ALL and not settings.CORS_ALLOW_CREDENTIALS) else origin if len(settings.CORS_EXPOSE_HEADERS): response[ACCESS_CONTROL_EXPOSE_HEADERS] = ', '.join( settings.CORS_EXPOSE_HEADERS) if settings.CORS_ALLOW_CREDENTIALS: response[ACCESS_CONTROL_ALLOW_CREDENTIALS] = 'true' if request.method == 'OPTIONS': response[ACCESS_CONTROL_ALLOW_HEADERS] = ', '.join( settings.CORS_ALLOW_HEADERS) response[ACCESS_CONTROL_ALLOW_METHODS] = ', '.join( settings.CORS_ALLOW_METHODS) if settings.CORS_PREFLIGHT_MAX_AGE: response[ACCESS_CONTROL_MAX_AGE] = \ settings.CORS_PREFLIGHT_MAX_AGE return response def origin_not_found_in_white_lists(self, origin, url): return (url.netloc not in settings.CORS_ORIGIN_WHITELIST and not self.regex_domain_match(origin)) def regex_domain_match(self, origin): for domain_pattern in settings.CORS_ORIGIN_REGEX_WHITELIST: if re.match(domain_pattern, origin): return origin def is_enabled(self, request): return re.match(settings.CORS_URLS_REGEX, request.path) django-cors-headers-1.1.0/corsheaders/defaults.py0000664000076500007650000000217112443623065020131 0ustar basbasfrom django.conf import settings default_headers = ( 'x-requested-with', 'content-type', 'accept', 'origin', 'authorization', 'x-csrftoken', 'user-agent', 'accept-encoding', ) CORS_ALLOW_HEADERS = getattr(settings, 'CORS_ALLOW_HEADERS', default_headers) default_methods = ( 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', ) CORS_ALLOW_METHODS = getattr(settings, 'CORS_ALLOW_METHODS', default_methods) CORS_ALLOW_CREDENTIALS = getattr(settings, 'CORS_ALLOW_CREDENTIALS', False) CORS_PREFLIGHT_MAX_AGE = getattr(settings, 'CORS_PREFLIGHT_MAX_AGE', 86400) CORS_ORIGIN_ALLOW_ALL = getattr(settings, 'CORS_ORIGIN_ALLOW_ALL', False) CORS_ORIGIN_WHITELIST = getattr(settings, 'CORS_ORIGIN_WHITELIST', ()) CORS_ORIGIN_REGEX_WHITELIST = getattr( settings, 'CORS_ORIGIN_REGEX_WHITELIST', ()) CORS_EXPOSE_HEADERS = getattr(settings, 'CORS_EXPOSE_HEADERS', ()) CORS_URLS_REGEX = getattr(settings, 'CORS_URLS_REGEX', '^.*$') CORS_MODEL = getattr(settings, 'CORS_MODEL', None) CORS_REPLACE_HTTPS_REFERER = getattr( settings, 'CORS_REPLACE_HTTPS_REFERER', False) django-cors-headers-1.1.0/corsheaders/models.py0000664000076500007650000000015212443623065017602 0ustar basbasfrom django.db import models class CorsModel(models.Model): cors = models.CharField(max_length=255) django-cors-headers-1.1.0/corsheaders/__init__.py0000775000076500007650000000002612443623125020056 0ustar basbas__version__ = "1.1.0" django-cors-headers-1.1.0/corsheaders/tests.py0000664000076500007650000003754712443623065017503 0ustar basbasfrom django.http import HttpResponse from django.test import TestCase from corsheaders.middleware import CorsMiddleware, CorsPostCsrfMiddleware from corsheaders.middleware import ACCESS_CONTROL_ALLOW_ORIGIN from corsheaders.middleware import ACCESS_CONTROL_EXPOSE_HEADERS from corsheaders.middleware import ACCESS_CONTROL_ALLOW_CREDENTIALS from corsheaders.middleware import ACCESS_CONTROL_ALLOW_HEADERS from corsheaders.middleware import ACCESS_CONTROL_ALLOW_METHODS from corsheaders.middleware import ACCESS_CONTROL_MAX_AGE from corsheaders import defaults as settings from mock import Mock from mock import patch class settings_override(object): def __init__(self, **kwargs): self.overrides = kwargs def __enter__(self): self.old = dict((key, getattr(settings, key)) for key in self.overrides) settings.__dict__.update(self.overrides) def __exit__(self, exc, value, tb): settings.__dict__.update(self.old) class TestCorsMiddlewareProcessRequest(TestCase): def setUp(self): self.middleware = CorsMiddleware() def test_process_request(self): request = Mock(path='/') request.method = 'OPTIONS' request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'} with settings_override(CORS_URLS_REGEX='^.*$'): response = self.middleware.process_request(request) self.assertIsInstance(response, HttpResponse) def test_process_request_empty_header(self): request = Mock(path='/') request.method = 'OPTIONS' request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': ''} with settings_override(CORS_URLS_REGEX='^.*$'): response = self.middleware.process_request(request) self.assertIsInstance(response, HttpResponse) def test_process_request_no_header(self): request = Mock(path='/') request.method = 'OPTIONS' request.META = {} response = self.middleware.process_request(request) self.assertIsNone(response) def test_process_request_not_options(self): request = Mock(path='/') request.method = 'GET' request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'} response = self.middleware.process_request(request) self.assertIsNone(response) def test_process_request_replace_https_referer(self): post_middleware = CorsPostCsrfMiddleware() request = Mock(path='/') request.method = 'GET' request.is_secure = lambda: True # make sure it doesnt blow up when HTTP_REFERER is not present request.META = { 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'https://foo.google.com', } with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_request(request) self.assertIsNone(response) # make sure it doesnt blow up when HTTP_HOST is not present request.META = { 'HTTP_REFERER': 'http://foo.google.com/', 'HTTP_ORIGIN': 'https://foo.google.com', } with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_request(request) self.assertIsNone(response) request.is_secure = lambda: False request.META = { 'HTTP_REFERER': 'http://foo.google.com/', 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'http://foo.google.com', } # test that we won't replace if the request is not secure with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_request(request) self.assertIsNone(response) self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META) self.assertEquals(request.META['HTTP_REFERER'], 'http://foo.google.com/') request.is_secure = lambda: True request.META = { 'HTTP_REFERER': 'https://foo.google.com/', 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'https://foo.google.com', } # test that we won't replace with the setting off with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*'): response = self.middleware.process_request(request) self.assertIsNone(response) self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META) self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_request(request) self.assertIsNone(response) self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/') self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/') # make sure the replace code is idempotent with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_view(request, None, None, None) self.assertIsNone(response) self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/') self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): post_middleware.process_request(request) self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META) self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): response = post_middleware.process_request(request) self.assertIsNone(response) def test_process_view_replace_https_referer(self): post_middleware = CorsPostCsrfMiddleware() request = Mock(path='/') request.method = 'GET' request.is_secure = lambda: True request.META = { 'HTTP_REFERER': 'https://foo.google.com/', 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'https://foo.google.com', } with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_view(request, None, None, None) self.assertIsNone(response) self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/') self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): post_middleware.process_view(request, None, None, None) self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META) self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): response = post_middleware.process_view(request, None, None, None) self.assertIsNone(response) @patch('corsheaders.middleware.settings') class TestCorsMiddlewareProcessResponse(TestCase): def setUp(self): self.middleware = CorsMiddleware() def assertAccessControlAllowOriginEquals(self, response, header): self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, response, "Response %r does " "NOT have %r header" % (response, ACCESS_CONTROL_ALLOW_ORIGIN)) self.assertEqual(response[ACCESS_CONTROL_ALLOW_ORIGIN], header) def test_process_response_no_origin(self, settings): settings.CORS_MODEL = None settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={}) processed = self.middleware.process_response(request, response) self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed) def test_process_response_not_in_whitelist(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ORIGIN_WHITELIST = ['example.com'] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'}) processed = self.middleware.process_response(request, response) self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed) def test_process_response_in_whitelist(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ORIGIN_WHITELIST = ['example.com', 'foobar.it'] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'}) processed = self.middleware.process_response(request, response) self.assertAccessControlAllowOriginEquals(processed, 'http://foobar.it') def test_process_response_expose_headers(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_EXPOSE_HEADERS = ['accept', 'origin', 'content-type'] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'}) processed = self.middleware.process_response(request, response) self.assertEqual(processed[ACCESS_CONTROL_EXPOSE_HEADERS], 'accept, origin, content-type') def test_process_response_dont_expose_headers(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_EXPOSE_HEADERS = [] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'}) processed = self.middleware.process_response(request, response) self.assertNotIn(ACCESS_CONTROL_EXPOSE_HEADERS, processed) def test_process_response_allow_credentials(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_ALLOW_CREDENTIALS = True settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'}) processed = self.middleware.process_response(request, response) self.assertEqual(processed[ACCESS_CONTROL_ALLOW_CREDENTIALS], 'true') def test_process_response_dont_allow_credentials(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_ALLOW_CREDENTIALS = False settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'}) processed = self.middleware.process_response(request, response) self.assertNotIn(ACCESS_CONTROL_ALLOW_CREDENTIALS, processed) def test_process_response_options_method(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_ALLOW_HEADERS = ['content-type', 'origin'] settings.CORS_ALLOW_METHODS = ['GET', 'OPTIONS'] settings.CORS_PREFLIGHT_MAX_AGE = 1002 settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request_headers = {'HTTP_ORIGIN': 'http://example.com'} request = Mock(path='/', META=request_headers, method='OPTIONS') processed = self.middleware.process_response(request, response) self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS], 'content-type, origin') self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], 'GET, OPTIONS') self.assertEqual(processed[ACCESS_CONTROL_MAX_AGE], '1002') def test_process_response_options_method_no_max_age(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = True settings.CORS_ALLOW_HEADERS = ['content-type', 'origin'] settings.CORS_ALLOW_METHODS = ['GET', 'OPTIONS'] settings.CORS_PREFLIGHT_MAX_AGE = 0 settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request_headers = {'HTTP_ORIGIN': 'http://example.com'} request = Mock(path='/', META=request_headers, method='OPTIONS') processed = self.middleware.process_response(request, response) self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS], 'content-type, origin') self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], 'GET, OPTIONS') self.assertNotIn(ACCESS_CONTROL_MAX_AGE, processed) def test_process_response_whitelist_with_port(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ALLOW_METHODS = ['OPTIONS'] settings.CORS_ORIGIN_WHITELIST = ('localhost:9000',) settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request_headers = {'HTTP_ORIGIN': 'http://localhost:9000'} request = Mock(path='/', META=request_headers, method='OPTIONS') processed = self.middleware.process_response(request, response) self.assertEqual(processed.get(ACCESS_CONTROL_ALLOW_CREDENTIALS, None), 'true') def test_process_response_adds_origin_when_domain_found_in_origin_regex_whitelist(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_REGEX_WHITELIST = ('^http?://(\w+\.)?google\.com$', ) settings.CORS_ALLOW_CREDENTIALS = True settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ALLOW_METHODS = ['OPTIONS'] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request_headers = {'HTTP_ORIGIN': 'http://foo.google.com'} request = Mock(path='/', META=request_headers, method='OPTIONS') processed = self.middleware.process_response(request, response) self.assertEqual(processed.get(ACCESS_CONTROL_ALLOW_ORIGIN, None), 'http://foo.google.com') def test_process_response_will_not_add_origin_when_domain_not_found_in_origin_regex_whitelist(self, settings): settings.CORS_MODEL = None settings.CORS_ORIGIN_REGEX_WHITELIST = ('^http?://(\w+\.)?yahoo\.com$', ) settings.CORS_ALLOW_CREDENTIALS = True settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ALLOW_METHODS = ['OPTIONS'] settings.CORS_URLS_REGEX = '^.*$' response = HttpResponse() request_headers = {'HTTP_ORIGIN': 'http://foo.google.com'} request = Mock(path='/', META=request_headers, method='OPTIONS') processed = self.middleware.process_response(request, response) self.assertEqual(processed.get(ACCESS_CONTROL_ALLOW_ORIGIN, None), None) def test_process_response_when_custom_model_enabled(self, settings): from corsheaders.models import CorsModel CorsModel.objects.create(cors='foo.google.com') settings.CORS_ORIGIN_REGEX_WHITELIST = () settings.CORS_ALLOW_CREDENTIALS = False settings.CORS_ORIGIN_ALLOW_ALL = False settings.CORS_ALLOW_METHODS = settings.default_methods settings.CORS_URLS_REGEX = '^.*$' settings.CORS_MODEL = 'corsheaders.CorsModel' response = HttpResponse() request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foo.google.com'}) processed = self.middleware.process_response(request, response) self.assertEqual(processed.get(ACCESS_CONTROL_ALLOW_ORIGIN, None), 'http://foo.google.com') django-cors-headers-1.1.0/setup.cfg0000664000076500007650000000007312443624106015263 0ustar basbas[egg_info] tag_build = tag_date = 0 tag_svn_revision = 0 django-cors-headers-1.1.0/PKG-INFO0000664000076500007650000000227712443624106014547 0ustar basbasMetadata-Version: 1.0 Name: django-cors-headers Version: 1.1.0 Summary: django-cors-headers is a Django application for handling the server headers required for Cross-Origin Resource Sharing (CORS). Home-page: https://github.com/ottoyiu/django-cors-headers Author: Otto Yiu Author-email: otto@live.ca License: MIT License Description: UNKNOWN Keywords: django cors middleware rest api Platform: any Classifier: Development Status :: 5 - Production/Stable Classifier: Environment :: Web Environment Classifier: Framework :: Django Classifier: Intended Audience :: Developers Classifier: License :: OSI Approved :: MIT License Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 2.6 Classifier: Programming Language :: Python :: 2.7 Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.2 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks Classifier: Topic :: Software Development :: Libraries :: Python Modules