From e484cee6cbe535c4aadab6b3226f7fcf5ef1659b Mon Sep 17 00:00:00 2001
From: Gabriel Le Breton <lebreton.gabriel@gmail.com>
Date: Tue, 18 Apr 2017 14:55:12 -0400
Subject: [PATCH] Adds crossdomain decorator to allow wide open cors (fixes
 #17)

---
 requestbin/api.py         |  2 ++
 requestbin/crossdomain.py | 48 +++++++++++++++++++++++++++++++++++++++
 requestbin/views.py       |  3 +++
 3 files changed, 53 insertions(+)
 create mode 100644 requestbin/crossdomain.py

diff --git a/requestbin/api.py b/requestbin/api.py
index 3eb0632..87c69f5 100644
--- a/requestbin/api.py
+++ b/requestbin/api.py
@@ -3,6 +3,8 @@
 
 from flask import session, make_response, request, render_template
 from requestbin import app, db
+from requestbin.crossdomain import crossdomain
+
 
 def _response(object, code=200):
     jsonp = request.args.get('jsonp')
diff --git a/requestbin/crossdomain.py b/requestbin/crossdomain.py
new file mode 100644
index 0000000..facc632
--- /dev/null
+++ b/requestbin/crossdomain.py
@@ -0,0 +1,48 @@
+from datetime import timedelta
+from functools import update_wrapper
+
+from flask import make_response, request, current_app
+
+
+def crossdomain(origin=None, methods=None, headers=None,
+                max_age=21600, attach_to_all=True,
+                automatic_options=True):
+    if methods is not None:
+        methods = ', '.join(sorted(x.upper() for x in methods))
+    if headers is not None and not isinstance(headers, basestring):
+        headers = ', '.join(x.upper() for x in headers)
+    if not isinstance(origin, basestring):
+        origin = ', '.join(origin)
+    if isinstance(max_age, timedelta):
+        max_age = max_age.total_seconds()
+
+    def get_methods():
+        if methods is not None:
+            return methods
+
+        options_resp = current_app.make_default_options_response()
+        return options_resp.headers['allow']
+
+    def decorator(f):
+        def wrapped_function(*args, **kwargs):
+            if automatic_options and request.method == 'OPTIONS':
+                resp = current_app.make_default_options_response()
+            else:
+                resp = make_response(f(*args, **kwargs))
+            if not attach_to_all and request.method != 'OPTIONS':
+                return resp
+
+            h = resp.headers
+
+            h['Access-Control-Allow-Origin'] = origin
+            h['Access-Control-Allow-Methods'] = get_methods()
+            h['Access-Control-Max-Age'] = str(max_age)
+            if headers is not None:
+                h['Access-Control-Allow-Headers'] = ','.join(headers)
+            h['X-TESTING_HEADERS'] = 'hello world'
+            return resp
+
+        f.provide_automatic_options = False
+        return update_wrapper(wrapped_function, f)
+
+    return decorator
diff --git a/requestbin/views.py b/requestbin/views.py
index 6346ec2..ab1cbb1 100644
--- a/requestbin/views.py
+++ b/requestbin/views.py
@@ -2,6 +2,8 @@
 from flask import session, redirect, url_for, escape, request, render_template, make_response
 
 from requestbin import app, db
+from requestbin.crossdomain import crossdomain
+
 
 def update_recent_bins(name):
     if 'recent' not in session:
@@ -32,6 +34,7 @@ def home():
 
 
 @app.endpoint('views.bin')
+@crossdomain(origin='*')
 def bin(name):
     try:
         bin = db.lookup_bin(name)