Description
The CORS middleware only checks for registered routes, but not for registered sinks.
https://github.com/timothycrosley/hug/blob/22e7de475d4a150abe356b175a6d8aa14b8418bf/hug/middleware.py#L141-L147
Here's a code sample:
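```python
import hug
from hug.middleware import CORSMiddleware

api = hug.API(__name__)
api.http.add_middleware(CORSMiddleware(api))
router = hug.http(api=api)

@router.get('/test')  # registered route
def test():
    pass

@hug.sink('/sinktest', api=api)  # registered sink
def foo(path):
    pass
```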
Visiting /test obviously works, but visiting /sinktest will trigger a KeyError at line 145.
This seems like an oversight; a sink route should still have allowed methods.
Speaking of allowed methods, how do I specify which HTTP verbs a sink route should respond to? I have a requires=token_authentication argument on my sink route, causing the router to check for an authorization header on the OPTIONS request, which is incorrect. OPTIONS requests don't send any authentication details. If I can specify that my sink route only accepts GET, then it won't trigger the token_authentication function.
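
The two behaviours the report asks for, as an added example that is not part of the original issue and is not hug's code: allowed-method lookup that falls back from routes to sinks instead of raising, and a preflight answered before the token check. It is a plain-Python model; the tables, the token, the origin and the function names are constructed, and it assumes a sink serves every path under its prefix.

```python
# Plain-Python model (hypothetical names), not hug's CORSMiddleware or router.
ROUTES = {"/test": {"GET"}}               # exact-match routes -> allowed methods
SINKS = {"/sinktest": {"GET"}}            # prefix-match sinks -> allowed methods
VALID_TOKENS = {"constructed-token"}      # constructed sample credential
ALLOWED_ORIGINS = {"https://app.example"} # constructed sample origin


def allowed_methods(path):
    """Return the allowed methods for a path: routes first, then sinks."""
    if path in ROUTES:
        return ROUTES[path]
    # A sink serves its prefix and everything below it; longest prefix wins.
    hits = [p for p in SINKS
            if path == p or path.startswith(p.rstrip("/") + "/")]
    if hits:
        return SINKS[max(hits, key=len)]
    return None  # unknown path: report it, do not raise KeyError


def handle(method, path, headers):
    """Return (status, response_headers) for one request."""
    methods = allowed_methods(path)
    if methods is None:
        return 404, {}
    if method == "OPTIONS":
        # Preflight carries no Authorization header, so answer before auth.
        cors = {"Access-Control-Allow-Methods":
                    ", ".join(sorted(methods | {"OPTIONS"})),
                "Access-Control-Allow-Headers": "Authorization"}
        origin = headers.get("Origin")
        if origin in ALLOWED_ORIGINS:
            cors["Access-Control-Allow-Origin"] = origin
        return 204, cors
    if method not in methods:
        return 405, {"Allow": ", ".join(sorted(methods))}
    # Only the actual request is authenticated.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token not in VALID_TOKENS:
        return 401, {}
    return 200, {}
```
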