Bug 1088752: Add Shape of the Web app to serve JSON.

Shape of the Web is a standalone site that pulls data from JSON files.
In order to make the l10n easier initially, we’re going to host the
JSON files on Bedrock to take advantage of the existing l10n process.

Also adds a middleware to handle adding CORS headers to the locale
redirects when loading the JSON.

bedrock/mozorg/middleware.py

@@ -4,6 +4,7 @@
 
 import datetime
 from email.utils import formatdate
+import re
 import time
 
 from django.conf import settings
@@ -45,3 +46,17 @@ def process_view(self, request, view, view_args, view_kwargs):
         else:
             f = super(MozorgRequestTimingMiddleware, self)
             f.process_view(request, view, view_args, view_kwargs)
+
+
+class CrossOriginResourceSharingMiddleware(object):
+
+    def process_response(self, request, response):
+        """
+        If the URL pattern for the request matches one of those
+        in the CORS_URLS setting, apply the matching
+        Access-Control-Allow-Origin header to the response.
+        """
+        for pattern, origin in settings.CORS_URLS.items():
+            if re.search(pattern, request.path):
+                response['Access-Control-Allow-Origin'] = origin
+        return response

bedrock/mozorg/tests/test_middleware.py

@@ -0,0 +1,39 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+from django.http import HttpRequest, HttpResponse
+
+from bedrock.mozorg.middleware import CrossOriginResourceSharingMiddleware
+from bedrock.mozorg.tests import TestCase
+
+
+class TestCrossOriginResourceSharingMiddleware(TestCase):
+    def setUp(self):
+        self.middleware = CrossOriginResourceSharingMiddleware()
+        self.request = HttpRequest()
+        self.response = HttpResponse()
+
+    def test_match(self):
+        self.request.path = '/foo/bar/baz/'
+
+        cors_urls = {r'^/foo/bar': '*'}
+        with self.settings(CORS_URLS=cors_urls):
+            self.middleware.process_response(self.request, self.response)
+            self.assertEqual(self.response['Access-Control-Allow-Origin'], '*')
+
+    def test_middle_match(self):
+        # Ensure that matches in the middle of the URL work.
+        self.request.path = '/foo/bar/baz/'
+
+        cors_urls = {r'/bar': '*'}
+        with self.settings(CORS_URLS=cors_urls):
+            self.middleware.process_response(self.request, self.response)
+            self.assertEqual(self.response['Access-Control-Allow-Origin'], '*')
+
+    def test_no_match(self):
+        self.request.path = '/foo/bar/baz/'
+
+        cors_urls = {r'^/biff/bak': '*'}
+        with self.settings(CORS_URLS=cors_urls):
+            self.middleware.process_response(self.request, self.response)
+            self.assertFalse('Access-Control-Allow-Origin' in self.response)

bedrock/settings/base.py

@@ -1057,6 +1057,7 @@ def JINJA_CONFIG():
     'dnt.middleware.DoNotTrackMiddleware',
     'lib.l10n_utils.middleware.FixLangFileTranslationsMiddleware',
     'bedrock.mozorg.middleware.ConditionalAuthMiddleware',
+    'bedrock.mozorg.middleware.CrossOriginResourceSharingMiddleware',
 ))
 
 AUTHENTICATED_URL_PREFIXES = ('/admin/', '/rna/')
@@ -1106,6 +1107,7 @@ def JINJA_CONFIG():
     '%s.events' % PROJECT_MODULE,
     '%s.releasenotes' % PROJECT_MODULE,
     '%s.thunderbird' % PROJECT_MODULE,
+    '%s.shapeoftheweb' % PROJECT_MODULE,
 
     # libs
     'django_extensions',
@@ -1416,6 +1418,10 @@ def facebook_tab_url_lazy():
 MOFO_SECURITY_ADVISORIES_PATH = path('mofo_security_advisories')
 MOFO_SECURITY_ADVISORIES_REPO = 'https://github.com/mozilla/foundation-security-advisories.git'
 
+CORS_URLS = {
+    r'^/([a-zA-Z-]+/)?shapeoftheweb': '*',
+}
+
 LOGGING = {
     'root': {
         'level': 'WARNING',