archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Allow cross-site requests

Browse Source 
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
This commit is contained in:
Sybren A. Stüvel 2016-05-02 13:42:23 +02:00
parent 57375bd0c4
commit 42ff638b48
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pillar/application/modules/file_storage.py
View File

@ -9,6 +9,7 @@ import bson.tz_util
import eve.utils import eve.utils
import pymongo import pymongo
from bson import ObjectId from bson import ObjectId
from bson.errors import InvalidId
from eve.methods.patch import patch_internal from eve.methods.patch import patch_internal
from eve.methods.post import post_internal from eve.methods.post import post_internal
from eve.methods.put import put_internal from eve.methods.put import put_internal
@ -19,6 +20,7 @@ from flask import send_from_directory
from flask import url_for, helpers from flask import url_for, helpers
from flask import current_app from flask import current_app
from flask import g from flask import g
from flask import make_response
from werkzeug.exceptions import NotFound, InternalServerError from werkzeug.exceptions import NotFound, InternalServerError
from application import utils from application import utils
@ -438,11 +440,9 @@ def create_file_doc(name, filename, content_type, length, project, backend='gcs'
return file_doc return file_doc
@file_storage.route('/stream/<string:project_id>', methods=['POST']) @file_storage.route('/stream/<string:project_id>', methods=['POST', 'OPTIONS'])
@require_login(require_roles={u'subscriber', u'admin', u'demo'})
def stream_to_gcs(project_id): def stream_to_gcs(project_id):
log.info('Streaming file to bucket for project %s', project_id)
uploaded_file = request.files['file']
projects = current_app.data.driver.db['projects'] projects = current_app.data.driver.db['projects']
try: try:
@ -452,6 +452,9 @@ def stream_to_gcs(project_id):
if not project: if not project:
raise NotFound('Project %s does not exist' % project_id) raise NotFound('Project %s does not exist' % project_id)
log.info('Streaming file to bucket for project %s', project_id)
uploaded_file = request.files['file']
file_id, internal_fname, status = create_file_doc_for_upload(project['_id'], uploaded_file) file_id, internal_fname, status = create_file_doc_for_upload(project['_id'], uploaded_file)
if uploaded_file.content_type.startswith('image/'): if uploaded_file.content_type.startswith('image/'):
@ -494,7 +497,21 @@ def stream_to_gcs(project_id):
log.debug('Handled uploaded file id=%s, fname=%s, size=%i', file_id, internal_fname, blob.size) log.debug('Handled uploaded file id=%s, fname=%s, size=%i', file_id, internal_fname, blob.size)
# Status is 200 if the file already existed, and 201 if it was newly created. # Status is 200 if the file already existed, and 201 if it was newly created.
return jsonify(status='ok', file_id=str(file_id)), status resp = jsonify(status='ok', file_id=str(file_id))
resp.status_code = status
add_access_control_headers(resp)
return resp
def add_access_control_headers(resp):
"""Allows cross-site requests from the configured domain."""
if 'Origin' not in request.headers:
return resp
resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
resp.headers['Access-Control-Allow-Credentials'] = 'true'
return resp
def update_file_doc(file_id, **updates): def update_file_doc(file_id, **updates):

3
pillar/settings.py
View File

@ -799,3 +799,6 @@ MONGO_DBNAME = os.environ.get('MONGO_DBNAME', 'eve')
CACHE_EXPIRES = 60 CACHE_EXPIRES = 60
HATEOAS = False HATEOAS = False
UPSET_ON_PUT = False # do not create new document on PUT of non-existant URL. UPSET_ON_PUT = False # do not create new document on PUT of non-existant URL.
X_DOMAINS = '*'
X_ALLOW_CREDENTIALS = True
X_HEADERS = 'Authorization'