Skip to content

Commit

Permalink
Add CORS headers to api requests (#1870)
Browse files Browse the repository at this point in the history 
This allows an external application to request data from the api via Javascript. In our specific case, we request JSON data from /api/graph and display it in an internal ops dashboard.
  • Loading branch information
@jessicaaustin @Tarrasch
jessicaaustin authored and Tarrasch committed Oct 4, 2016
1 parent 6a8ce3a commit 1a5b641
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
3 changes: 3 additions & 0 deletions luigi/server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ class RPCHandler(tornado.web.RequestHandler):

def initialize(self, scheduler):
self._scheduler = scheduler
self.set_header("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type, Origin")
self.set_header("Access-Control-Allow-Methods", "GET, OPTIONS")
self.set_header("Access-Control-Allow-Origin", "*")

def get(self, method):
if method not in RPC_METHODS:
Expand Down
11 changes: 11 additions & 0 deletions test/server_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,17 @@ def test_404(self):
def test_api_404(self):
self._test_404('/api/foo')

def test_api_cors_headers(self):
response = self.fetch('/api/graph')
headers = dict(response.headers)

def _set(name):
return set(headers[name].replace(" ", "").split(","))

self.assertSetEqual(_set("Access-Control-Allow-Headers"), {"Content-Type", "Accept", "Authorization", "Origin"})
self.assertSetEqual(_set("Access-Control-Allow-Methods"), {"GET", "OPTIONS"})
self.assertEqual(headers["Access-Control-Allow-Origin"], "*")


class _ServerTest(unittest.TestCase):
"""
Expand Down

0 comments on commit 1a5b641

Please sign in to comment.