Added pillar.auth.cors.allow() decorator
Use this decorator on Flask endpoints that should respond with CORS
headers. These headers are sent in a reply when the browser sends an
`Origin` request header; for more info see [1].
This commit rolls back the previous commit (0ee1d0d3), as this new
approach with a separate decorator is both easier to use and less
error-prone.
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
This commit is contained in:
@@ -289,8 +289,7 @@ def require_login(*, require_roles=set(),
|
||||
require_cap='',
|
||||
require_all=False,
|
||||
redirect_to_login=False,
|
||||
error_view=None,
|
||||
error_headers: typing.Optional[typing.Dict[str, str]]=None):
|
||||
error_view=None):
|
||||
"""Decorator that enforces users to authenticate.
|
||||
|
||||
Optionally only allows access to users with a certain role and/or capability.
|
||||
@@ -314,7 +313,6 @@ def require_login(*, require_roles=set(),
|
||||
requests, and mimicks the flask_login behaviour.
|
||||
:param error_view: Callable that returns a Flask response object. This is
|
||||
sent back to the client instead of the default 403 Forbidden.
|
||||
:param error_headers: HTTP headers to include in error responses.
|
||||
"""
|
||||
|
||||
from flask import request, redirect, url_for, Response
|
||||
@@ -337,14 +335,6 @@ def require_login(*, require_roles=set(),
|
||||
else:
|
||||
resp = error_view()
|
||||
resp.status_code = 403
|
||||
if error_headers:
|
||||
for header_name, header_value in error_headers.items():
|
||||
resp.headers.set(header_name, header_value)
|
||||
|
||||
if 'Access-Control-Allow-Origin' in error_headers:
|
||||
origin = request.headers.get('Origin', '')
|
||||
resp.headers.set('Access-Control-Allow-Origin', origin)
|
||||
|
||||
return resp
|
||||
|
||||
def decorator(func):
|
||||
|
||||
Reference in New Issue
Block a user