Handling hTTP OPTIONS request

[Raja Naresh]

Hello Everyone, 

Is there a way I can handle HTTP OPTIONS request in pyramid? I am trying to make a CORS request with a custom header hence it's preflighted and I want to handle the HTTP OPTIONS request. Any kind of help is appreciated. Thank you.

[Wichert Akkerman]

On 13 Dec 2014, at 19:52, Raja Naresh <rajana...@gmail.com> wrote:

Hello Everyone, 

Is there a way I can handle HTTP OPTIONS request in pyramid? I am trying to make a CORS request with a custom header hence it's preflighted and I want to handle the HTTP OPTIONS request. Any kind of help is appreciated. Thank you.

Handling OPTIONS is no different than handling any other request method as fast as Pyramid is concerned. The simplest way to do that is to specify the request_method parameter for the view_config decorator:

@view_config(route_name=‘my-route’, request_method=‘OPTIONS’, renderer=’string'):

def my_route_options(context, request):

    request.response.headers.update({

        ‘Access-Control-Allow-Methods’: ‘POST,GET,OPTIONS’,

        ‘Access-Control-Allow-Credentials’: ‘true’})

    return ''

If you are writing a REST backend you may also want to look at rest-toolkit (see http://rest-toolkit.readthedocs.org/en/latest/ ) which will automatically handle OPTIONS for you.

Regards,

Wichert.

[prem anand lakshmanan]

Hello,

I have a similar issue. Added this piece of code in my python application but I see still get the CORS error. I thought this code will be generic for all the request. Should I add request.method=options for each and every POST method?

def add_cors_headers_response_callback(event):

def cors_headers(request, response):

response.headers['Access-Control-Allow-Origin'] = '*'

response.headers['Access-Control-Allow-Methods'] = 'POST,GET,DELETE,PUT,OPTIONS'

response.headers['Access-Control-Allow-Headers'] = 'access-control-allow-origin,content-type'

response.headers['Access-Control-Allow-Credentials'] = 'true'

event.request.add_response_callback(cors_headers)

def main(global_config, **settings):

""" This function returns a Pyramid WSGI application.

"""

with Configurator(settings=settings) as config:

config.include('pyramid_jinja2')

config.set_security_policy(

SecurityPolicy(

secret=settings['invest_web.secret']

),

)

config.add_subscriber(add_cors_headers_response_callback, NewRequest)

config.include('.routes')

config.include('.models')

config.scan()

return config.make_wsgi_app()

[prem anand lakshmanan]

Here is the chrome error - 

[Theron Luhn]

If you want to have CORS preflights for any and all endpoints, you can use a WSGI middleware https://pypi.org/project/wsgicors/ or a Pyramid extension https://pypi.org/project/pyramid-default-cors/

Basically it's just a catch-all endpoint on the OPTIONS method:  https://github.com/GoodRx/pyramid_default_cors/blob/7ec69ae3219c26c0ba625cb75b7a15a08ad4546d/pyramid_default_cors/__init__.py#L56-L63

— Theron

On Aug 26, 2023, at 5:58 AM, prem anand lakshmanan <prem...@gmail.com> wrote:

Here is the chrome error - 

-- 
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/c36a2607-ef5d-4381-8c6d-a5b01f4c5eebn%40googlegroups.com.
<cors.png>

[prem anand lakshmanan]

That worked, thanks