New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

First-class CORS support/helpers #303

Closed
kgriffs opened this Issue Jul 28, 2014 · 18 comments

Comments

Projects
None yet
6 participants
@kgriffs
Contributor

kgriffs commented Jul 28, 2014

@kgriffs kgriffs added this to the 0.3 milestone Jul 28, 2014

@kgriffs kgriffs added the enhancement label Jul 28, 2014

@sebasmagri

This comment has been minimized.

Show comment
Hide comment
@sebasmagri

sebasmagri Aug 9, 2014

Contributor

This is the snippet I normally use for this

ALLOWED_ORIGINS = os.environ.get('ALLOWED_ORIGINS', '').split(';')

def cors_middleware(request, response, params):
    origin = request.get_header('Origin')
    if origin in ALLOWED_ORIGINS:
        response.set_header(
            'Access-Control-Allow-Origin',
            origin
        )
    response.set_header(
        'Access-Control-Allow-Headers',
        'Content-Type'
    )
    # This could be overridden in the resource level
    response.set_header(
        'Access-Control-Allow-Methods',
        'OPTIONS'
    )

application = falcon.API(before=[cors_middleware])

A simple hook like this might be implemented in talons.

Regards,

Contributor

sebasmagri commented Aug 9, 2014

This is the snippet I normally use for this

ALLOWED_ORIGINS = os.environ.get('ALLOWED_ORIGINS', '').split(';')

def cors_middleware(request, response, params):
    origin = request.get_header('Origin')
    if origin in ALLOWED_ORIGINS:
        response.set_header(
            'Access-Control-Allow-Origin',
            origin
        )
    response.set_header(
        'Access-Control-Allow-Headers',
        'Content-Type'
    )
    # This could be overridden in the resource level
    response.set_header(
        'Access-Control-Allow-Methods',
        'OPTIONS'
    )

application = falcon.API(before=[cors_middleware])

A simple hook like this might be implemented in talons.

Regards,

@kgriffs kgriffs removed the enhancement label Mar 6, 2015

@kgriffs kgriffs modified the milestones: 0.3, Future-1 Mar 6, 2015

@kgriffs kgriffs modified the milestones: 0.3, 0.4 Mar 12, 2015

@kgriffs kgriffs added the enhancement label Mar 12, 2015

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Apr 13, 2015

Member

I'll work on this

Member

lwcolton commented Apr 13, 2015

I'll work on this

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Apr 13, 2015

Member

@kgriffs Do you want this to be a Talon or baked into falcon?

Member

lwcolton commented Apr 13, 2015

@kgriffs Do you want this to be a Talon or baked into falcon?

@sabzo

This comment has been minimized.

Show comment
Hide comment
@sabzo

sabzo Apr 14, 2015

@lwcolton When the Browser is performing the pre-flight what would be the proper way to send a "Access-Control-Allow-Origin" response? I tried the code above by @sebasmagri it set the response headers appropriately, but not for the "preflight" (https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests)

sabzo commented Apr 14, 2015

@lwcolton When the Browser is performing the pre-flight what would be the proper way to send a "Access-Control-Allow-Origin" response? I tried the code above by @sebasmagri it set the response headers appropriately, but not for the "preflight" (https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests)

@sabzo

This comment has been minimized.

Show comment
Hide comment
@sabzo

sabzo Apr 14, 2015

@sebasmagri If one is running this behind Gunicorn, does Gunicorn need to be configured for CORS? Or NGINX, if NGINX is used as a reverse proxy?

sabzo commented Apr 14, 2015

@sebasmagri If one is running this behind Gunicorn, does Gunicorn need to be configured for CORS? Or NGINX, if NGINX is used as a reverse proxy?

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Apr 14, 2015

Member

I don't believe a webserver or proxy in front of falcon needs any
configuration for CORS to work. To respond to a preflight request, you
must implement the OPTIONS method. I am not sure if falcon provides an
on_options callback or not. If it does not, create a github issue and I
will implement it

On Tue, Apr 14, 2015, 12:04 AM Sabelo Mhlambi notifications@github.com
wrote:

@sebasmagri https://github.com/sebasmagri If one is running this behind
Gunicorn, does Gunicorn need to be configured for CORS? Or NGINX, if NGINX
is used as a reverse proxy?


Reply to this email directly or view it on GitHub
#303 (comment).

Member

lwcolton commented Apr 14, 2015

I don't believe a webserver or proxy in front of falcon needs any
configuration for CORS to work. To respond to a preflight request, you
must implement the OPTIONS method. I am not sure if falcon provides an
on_options callback or not. If it does not, create a github issue and I
will implement it

On Tue, Apr 14, 2015, 12:04 AM Sabelo Mhlambi notifications@github.com
wrote:

@sebasmagri https://github.com/sebasmagri If one is running this behind
Gunicorn, does Gunicorn need to be configured for CORS? Or NGINX, if NGINX
is used as a reverse proxy?


Reply to this email directly or view it on GitHub
#303 (comment).

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Apr 24, 2015

Member

@kgriffs still working on this, implementation is done and I am writing tests, looking good so far

Member

lwcolton commented Apr 24, 2015

@kgriffs still working on this, implementation is done and I am writing tests, looking good so far

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton May 29, 2015

Member

@kgriffs just wanted to say I haven't forgotten this and we will need this feature for a project we are currently working on so I am again able to allocate time to it, hoping to have a PR ready soon!

Member

lwcolton commented May 29, 2015

@kgriffs just wanted to say I haven't forgotten this and we will need this feature for a project we are currently working on so I am again able to allocate time to it, hoping to have a PR ready soon!

@kgriffs

This comment has been minimized.

Show comment
Hide comment
@kgriffs

kgriffs May 29, 2015

Contributor

@lwcolton cool, I've also been swamped lately with some things, but hope to circle back and help test/review soon.

Contributor

kgriffs commented May 29, 2015

@lwcolton cool, I've also been swamped lately with some things, but hope to circle back and help test/review soon.

@advance512

This comment has been minimized.

Show comment
Hide comment
@advance512

advance512 Jun 30, 2015

Any update? I need this, as well.

Would be nice to have it return the correct Access-Control-Allow-Methods based on the resource in question.. :)

advance512 commented Jun 30, 2015

Any update? I need this, as well.

Would be nice to have it return the correct Access-Control-Allow-Methods based on the resource in question.. :)

@kgriffs kgriffs modified the milestones: 0.5, 0.4 Aug 3, 2015

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Sep 7, 2015

Member

This is still in progress, hopefully will have time to work on it in the next couple weeks. I will also improve the handling of access-control-allow-methods to return a value based on the resource in question

Member

lwcolton commented Sep 7, 2015

This is still in progress, hopefully will have time to work on it in the next couple weeks. I will also improve the handling of access-control-allow-methods to return a value based on the resource in question

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Sep 7, 2015

Member

The branch actually works it's just missing tests and the above mentioned feature smart access-control-allow-methods

Member

lwcolton commented Sep 7, 2015

The branch actually works it's just missing tests and the above mentioned feature smart access-control-allow-methods

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Sep 11, 2015

Member

Working on this today, thanks for your patience everyone

Member

lwcolton commented Sep 11, 2015

Working on this today, thanks for your patience everyone

@lwcolton

This comment has been minimized.

Show comment
Hide comment
@lwcolton

lwcolton Sep 11, 2015

Member

Alright folks we are just waiting on #607 to be fixed so this can merge. All other tests pass. You can view the changeset at https://github.com/HurricaneLabs/falcon/tree/feature_303 . I will squash the changeset into a single commit message before submitting the PR. Standby for that.

Member

lwcolton commented Sep 11, 2015

Alright folks we are just waiting on #607 to be fixed so this can merge. All other tests pass. You can view the changeset at https://github.com/HurricaneLabs/falcon/tree/feature_303 . I will squash the changeset into a single commit message before submitting the PR. Standby for that.

This was referenced Sep 13, 2015

@advance512

This comment has been minimized.

Show comment
Hide comment
@advance512

advance512 Oct 27, 2015

Sooo... what is this waiting for? :)
Do you need any help with this?

advance512 commented Oct 27, 2015

Sooo... what is this waiting for? :)
Do you need any help with this?

@thenano

This comment has been minimized.

Show comment
Hide comment
@thenano

thenano Feb 2, 2016

I'm also very keen on this feature, just wondering if there's a specific version I can use or a target release for it, and some documentation on how to use it?

Thanks!

thenano commented Feb 2, 2016

I'm also very keen on this feature, just wondering if there's a specific version I can use or a target release for it, and some documentation on how to use it?

Thanks!

@kgriffs

This comment has been minimized.

Show comment
Hide comment
@kgriffs

kgriffs Feb 2, 2016

Contributor

@lwcolton Can you give us an update?

Contributor

kgriffs commented Feb 2, 2016

@lwcolton Can you give us an update?

@kgriffs kgriffs removed this from the 1.1 milestone Feb 17, 2016

@kgriffs

This comment has been minimized.

Show comment
Hide comment
@kgriffs

kgriffs May 3, 2016

Contributor

Released as a standalone add-on. See also: https://github.com/lwcolton/falcon-cors

Contributor

kgriffs commented May 3, 2016

Released as a standalone add-on. See also: https://github.com/lwcolton/falcon-cors

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment