I have a question about Cornice and its use on a CORS (Cross-Origin
Resource Sharing) [1] environment. What's the best way to return a
Access-Control-Allow-Origin response header so the browser can
continue the CORS handshake? I was thinking about using a Pyramid
Response Callback [2] connected through a subscriber of a NewRequest
event but I don't know if there is a simpler/better way.
Sorry if this is not the appropiate mailing list for this kind of
question. If so, please tell me where to discuss this topic.
By the way, thank you for Cornice. I really appreciate how simple it
is to build an API rest with it.
Best regards,
Lorenzo Gil
[1] https://developer.mozilla.org/En/HTTP_Access_Control
[2] http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/hooks.html#using-response-callbacks
_______________________________________________
Services-dev mailing list
Servic...@mozilla.org
https://mail.mozilla.org/listinfo/services-dev
Yes, I guess this is the appropriate mailing list to discuss this, at
least for now. We could offload the discussions to another location if
that's needed at some point, but that's fine for now.
The current master allows you to register validators and filters [1],
which can be useful in your case. You could for instance register a
filter which adds the headers you want.
If you think this should be handled in a different way in cornice,
please let us know so we can see how we can implement this in a
different way.
Thanks for the feedback,
Alexis Métaireau
[1]
https://github.com/mozilla-services/cornice/blob/master/docs/source/validation.rst
2012/2/26 Alexis Métaireau <ale...@mozilla.com>:
> Hi Lorenzo,
>
> Yes, I guess this is the appropriate mailing list to discuss this, at least
> for now. We could offload the discussions to another location if that's
> needed at some point, but that's fine for now.
>
> The current master allows you to register validators and filters [1], which
> can be useful in your case. You could for instance register a filter which
> adds the headers you want.
I'm using Cornice 0.6 but I'll probably use the filters functionality
once 0.7 is released.
Until then I found a solution using lower level Pyramid features:
ALLOWED_ORIGIN = ('http://localhost', )
def add_cors_headers_response_callback(event):
def cors_headers(request, response):
if 'Origin' in request.headers:
origin = request.headers['Origin']
if origin in ALLOWED_ORIGIN:
response.headers['Access-Control-Allow-Origin'] = origin
event.request.add_response_callback(cors_headers)
And from the main function of the __init__.py module I register this
subscriber with:
from pyramid.events import NewRequest
config.add_subscriber(add_cors_headers_response_callback, NewRequest)
Nevertheless I prefer your solution since its a little bit easier.
Thanks a lot!