On Thu, Jun 8, 2017 at 12:11 AM, Fang-Pen Lin <borns...@gmail.com> wrote:
> Kind of able to do what I want, but still, it's not really ideal, as it > applies to the whole app. Sometimes, I want to have fine-grand control over > CORS for different endpoints. > > For example, I may can define something like > > @view_config(request_method='PUT', permission='update', > cors_allowed_origin='http://foobar.com') > def put(self): > # update user here > return user > > see the "cors_allow_origin" I added to view_config for this put method. > There are also other things I can add. > You can do *exactly* this with view derivers [1]. You can even wrap every view in your app and then provide an opt-out on a per-view basis if you wanted. The trickiest part here is that you still need to define a view that handles pre-flight OPTIONS requests. The two best options I can think of right now are: 1. Define a global catch-all route+view and coordinate it with a view deriver in order to build up a registry of views that want CORS protections. The global route+view could use this registry to determine how to return rules for various requests. 2. Define an action like `config.add_cors_route` that would register a route and an OPTIONS view automatically. This would avoid needing anything defined on the views themselves. For non-preflight requests you can add a subscriber that adds headers to the responses generated by these routes. As far as implementing the CORS state machine, I have a gist [2] that I wrote a while ago and have used successfully in some apps. It works globally (probably similar to wsgicors) but it may serve as a good a example of things to do when making a per-route or per-view solution. [1] http://docs.pylonsproject.org/projects/pyramid/en/1.8-branch/narr/hooks.html#view-derivers [2] https://gist.github.com/mmerickel/1afaf64154b335b596e4 -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwFX1t75a2r7rFL%3DGBmytpMmu_tEzgHYfkYX%3DcTO18YKKQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
