Merge pull request #29 from mozilla/13-add-cors-support

Add CORS support.

CHANGELOG.rst

@@ -11,3 +11,4 @@ CHANGELOG
 - Add the contribute.json endpoint (#25)
 - Add the bedrock security-advisories bot (#26)
 - Add the product-details bot (#27)
+- Add CORS support (#28)

pollbot/app.py

@@ -1,21 +1,32 @@
 from aiohttp import web
+import aiohttp_cors
 from .views import home, release, utilities
 
 
 def get_app(loop=None):
     app = web.Application(loop=loop)
-    app.router.add_get('/', home.redirect)  # Redirects to /v1/
-    app.router.add_get('/v1', home.redirect)  # Redirects to /v1/
-    app.router.add_get('/contribute.json', utilities.contribute_json)
-    app.router.add_get('/v1/', home.index)
-    app.router.add_get('/v1/__api__', utilities.oas_spec)
-    app.router.add_get('/v1/{product}/{version}/archive', release.archive)
-    app.router.add_get('/v1/{product}/{version}/bedrock/release-notes',
-                       release.bedrock_release_notes)
-    app.router.add_get('/v1/{product}/{version}/bedrock/security-advisories',
-                       release.bedrock_security_advisories)
-    app.router.add_get('/v1/{product}/{version}/bedrock/download-links',
-                       release.bedrock_download_links)
-    app.router.add_get('/v1/{product}/{version}/product-details',
-                       release.product_details)
+
+    # Allow Web Application calls.
+    cors = aiohttp_cors.setup(app, defaults={
+        "*": aiohttp_cors.ResourceOptions(
+            allow_credentials=True,
+            expose_headers="*",
+            allow_headers="*",
+        )
+    })
+
+    cors.add(app.router.add_get('/', home.redirect))  # Redirects to /v1/
+    cors.add(app.router.add_get('/v1', home.redirect))  # Redirects to /v1/
+    cors.add(app.router.add_get('/contribute.json', utilities.contribute_json))
+    cors.add(app.router.add_get('/v1/', home.index))
+    cors.add(app.router.add_get('/v1/__api__', utilities.oas_spec))
+    cors.add(app.router.add_get('/v1/{product}/{version}/archive', release.archive))
+    cors.add(app.router.add_get('/v1/{product}/{version}/bedrock/release-notes',
+                                release.bedrock_release_notes))
+    cors.add(app.router.add_get('/v1/{product}/{version}/bedrock/security-advisories',
+                                release.bedrock_security_advisories))
+    cors.add(app.router.add_get('/v1/{product}/{version}/bedrock/download-links',
+                                release.bedrock_download_links))
+    cors.add(app.router.add_get('/v1/{product}/{version}/product-details',
+                                release.product_details))
     return app

setup.py

@@ -18,6 +18,7 @@ def read_file(filename):
 
 REQUIREMENTS = [
     'aiohttp',
+    'aiohttp_cors',
     'ruamel.yaml',
     'pyquery',
 ]

tests/test_cors.py

@@ -0,0 +1,34 @@
+import pytest
+from pollbot.app import get_app
+
+
+@pytest.fixture
+def cli(loop, test_client):
+    return loop.run_until_complete(test_client(get_app(loop=loop)))
+
+
+async def check_cors(cli, url):
+    resp = await cli.get(url, headers={"Origin": "http://localhost"}, allow_redirects=False)
+    assert 'Access-Control-Allow-Origin' in resp.headers
+    assert 'Access-Control-Allow-Credentials' in resp.headers
+    assert 'Access-Control-Expose-Headers' in resp.headers
+
+
+async def test_route_have_cors_enabled(cli):
+    app = get_app()
+    for r in app.router.resources():
+        info = r.get_info()
+        if 'path' in info:
+            url = info['path']
+        elif 'formatter' in info:
+            formatter = info['formatter']
+            if '{product}' in formatter:
+                formatter = formatter.replace('{product}', 'firefox')
+            if '{version}' in formatter:
+                formatter = formatter.replace('{version}', '52.0')
+        else:
+            # A new case to handle
+            import pdb
+            pdb.set_trace()
+
+        await check_cors(cli, url)