This package adds CORS support to Morepath.
Install more.cors:
$ pip install -U more.corsExtend your App class from CORSApp:
from more.cors import CORSApp
class App(CORSApp):
passThis will add basic CORS support to your Morepath app.
more.cors provides settings in the 'cors' section. Here are the defaults:
@App.setting_section(section='cors')
def cors_settings():
return {
'allowed_verbs': ['GET', 'PUT', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],
'allowed_origin': '*',
'expose_headers': ['Content-Type', 'Authorization'],
'allowed_headers': ['Content-Type', 'Authorization'],
'max_age': 60,
'allow_credentials': False
}The following settings are available:
- allowed_verbs
- A list of allowed HTTP request methods.
- allowed_origin
- A URI that may access the resource. For requests without credentials, "*" can be used as a wildcard, allowing any origin to access the resource.
- expose_headers
- A list of HTTP headers which can be exposed as part of the response.
- allowed_headers
- A list of HTTP headers which can be used during the actual request.
- max_age
- Maximum number of seconds the results of a preflight request can be cached.
- allow_credentials
- Boolean which indicates whether or not the actual request can be made using credentials. Credentials are cookies, authorization headers or TLS client certificates.
more.cors exposes the App.cors() class method.
This can be used to specify settings for a single view:
App.cors(
model=Root,
view_name='view2',
allowed_headers=['Cache-Control'],
expose_headers=['Cookie'],
allowed_origin='http://foo.com',
allow_credentials=True,
max_age=10
)- model
- Specifies the corresponding view model.
- view_name
- Is needed when you use a named view.
- allowed_headers, expose_headers, allowed_origin, allow_credentials, max_age
- The settings which can be specified. For details see Settings.