Skip to content
Browse files

[ADD] Cross-Origin Resource Sharing support as http.route() argument

bzr revid:
  • Loading branch information...
amigrave committed Jan 30, 2014
1 parent 20fc20a commit 9cce88ab6a399881b9d1774a717a030c7e575913
Showing with 9 additions and 1 deletion.
  1. +9 −1 openerp/
@@ -207,7 +207,7 @@ def registry_cr(self):
warnings.warn('please use request.registry and directly', DeprecationWarning)
yield (self.registry,

def route(route, type="http", auth="user", methods=None):
def route(route, type="http", auth="user", methods=None, cors=None):
Decorator marking the decorated method as being a handler for requests. The method must be part of a subclass
of ``Controller``.
@@ -225,6 +225,7 @@ def route(route, type="http", auth="user", methods=None):
authentication modules. There request code will not have any facilities to access the database nor have any
configuration indicating the current database nor the current user.
:param methods: A sequence of http methods this route applies to. If not specified, all methods are allowed.
:param cors: The Access-Control-Allow-Origin cors directive value.
assert type in ["http", "json"]
def decorator(f):
@@ -234,6 +235,7 @@ def decorator(f):
f.routes = [route]
f.methods = methods = type
f.cors = cors
if getattr(f, "auth", None) is None:
f.auth = auth
return f
@@ -955,6 +957,12 @@ def get_response(self, httprequest, result, explicit_session):
if not explicit_session and hasattr(response, 'set_cookie'):
response.set_cookie('session_id', httprequest.session.sid, max_age=90 * 24 * 60 * 60)

# Support for Cross-Origin Resource Sharing
if request.func.cors:
response.headers.set('Access-Control-Allow-Origin', request.func.cors)
if request.func.methods:
response.headers.set('Access-Control-Allow-Methods', ','.join(request.func.methods))

return response

def dispatch(self, environ, start_response):

0 comments on commit 9cce88a

Please sign in to comment.
You can’t perform that action at this time.