CORS middleware #7

wants to merge 50 commits into


None yet
4 participants

edsu commented Dec 16, 2010

Hi, On Chris Adam's suggestion I thought I'd contribute some middleware for serving up JSON data with CORS header support, so that people can use JSON data from JavaScript that is loaded from elsewhere. I did supply a test, but I'm not entirely sure how to get the sugar test suite to run :-)

Nagy Viktor and others added some commits Sep 28, 2009

Added a basic Query String editing tag
{% qs_alter %} can be used to add or delete variables from a query

{% qs_alter request.GET foo=bar baaz=quux delete:corge %}
Added string replacement tags
re_sub and replace filters providing regexp and string literal
Added string replacement tags
re_sub and replace filters providing regexp and string literal
Added a simple pagination control for template authors
This allows template authors to paginate any iterable they happen to
have available
Merge branch 'master' of git://
Caching: add decorators, middleware
decorators contains equivalents to django.views.decorators.cache.cache_control and never_cache which accept string names so you can easily wrap urlpatterns rather than modifying the source view.

middlware contains HTTPCacheControlMiddleware which provides a simple way to set the default HTTP Cache-Control header without all of the extra processing that the Django UpdateCacheMiddleware performs or breaking your test suite ( The current implementation focuses on public facing sites and will only adjust successful, anonymous GET requests which do not already have a Cache-Control header.
Added a handy profiling decorator
This allows you to do things like:

    with query_count("meaningful message"):
        … tons of code …

and get a simple log message:

meaningful message: 23 queries in 0.42 seconds
querystring_tags: qs_alter returns escaped HTML
The most common use case is generating links; this avoids the common case of producing invalid HTML due to unescaped query string parameters
sugar_template_utils: set_context tag allows defining variables
This allows you to define multiple variables in the current template context
querystring_tags: qs_alter can now remove a key=value pair
This allows you to remove a query string element only if it matches a
given value, which is handy if you have multiple instances of the same
key (e.g. /search/?facet=foo&facet=bar).
Google Chrome SpeedTracer middleware
Record server-side performance data for Google Chrome's SpeedTracer

Getting started:

1. Download and install Speed Tracer:

2. Add this middleware to your MIDDLEWARE_CLASSES

3. Reload your page

4. Open SpeedTracer and expand the "Server Trace" in the page's
   detailed report which should look something like:
Sugar Template Utils: as_json filter
This accepts a Python object and returns the JSON-encoded version
sugar_template_utils: allow set_context to set global variables
Normally set_context only operates on the current template context stack level
(i.e. the current block). This patch allows you to use something like:

{% set_context global foo="bar" %}

to affect the entire context stack, which can lead to madness if done unwisely.

Maybe this could use a CORS_MIMETYPES setting with these values as the default?

Also an area for a setting if you don't want world access?


montylounge commented Dec 16, 2010

thanks edsu. i'll add in the near future.

acdha and others added some commits Dec 16, 2010

Working tests!
Tests run, including from test, and there's now a test project to base them on.
Pygments tag fixes
Now actually works, plus the code is somewhat cleaner

For flexibility, what do you think about instead defining this as a list of (path prefix, mime type, header) values? That way you'd simply iterate over the list and if request.path.startswith(prefix) you'd use the second & third values - intriguingly, you could even use that for completely custom headers.

The alternative would simply be to keep this really simple and add a decorator variant which could be used in views or


edsu commented on c37cedf Dec 16, 2010

I like that idea a lot ... you want to add it?

acdha and others added some commits Dec 16, 2010

CORS Middleware: more granular configuration
Now you can control the CORS middleware using settings.CORS_PATH to
specify a list of paths, mime types and headers to set for arbitrary parts of
your site.

This actually allows you to specify any header: perhaps this should be renamed
to reflect its ability to function as an arbitrary HTTP header setter?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment