Cornice and CORS

14 views
Skip to first unread message

Lorenzo Gil Sanchez

unread,
Feb 26, 2012, 8:53:10 AM2/26/12
to servic...@mozilla.org
Hi everybody,

I have a question about Cornice and its use on a CORS (Cross-Origin
Resource Sharing) [1] environment. What's the best way to return a
Access-Control-Allow-Origin response header so the browser can
continue the CORS handshake? I was thinking about using a Pyramid
Response Callback [2] connected through a subscriber of a NewRequest
event but I don't know if there is a simpler/better way.

Sorry if this is not the appropiate mailing list for this kind of
question. If so, please tell me where to discuss this topic.

By the way, thank you for Cornice. I really appreciate how simple it
is to build an API rest with it.

Best regards,

Lorenzo Gil

[1] https://developer.mozilla.org/En/HTTP_Access_Control
[2] http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/hooks.html#using-response-callbacks
_______________________________________________
Services-dev mailing list
Servic...@mozilla.org
https://mail.mozilla.org/listinfo/services-dev

Alexis Métaireau

unread,
Feb 26, 2012, 1:12:20 PM2/26/12
to servic...@mozilla.org
Hi Lorenzo,

Yes, I guess this is the appropriate mailing list to discuss this, at
least for now. We could offload the discussions to another location if
that's needed at some point, but that's fine for now.

The current master allows you to register validators and filters [1],
which can be useful in your case. You could for instance register a
filter which adds the headers you want.

If you think this should be handled in a different way in cornice,
please let us know so we can see how we can implement this in a
different way.

Thanks for the feedback,

Alexis Métaireau

[1]
https://github.com/mozilla-services/cornice/blob/master/docs/source/validation.rst

Lorenzo Gil Sanchez

unread,
Feb 26, 2012, 2:54:28 PM2/26/12
to Alexis Métaireau, servic...@mozilla.org
Hi Alexis

2012/2/26 Alexis Métaireau <ale...@mozilla.com>:


> Hi Lorenzo,
>
> Yes, I guess this is the appropriate mailing list to discuss this, at least
> for now. We could offload the discussions to another location if that's
> needed at some point, but that's fine for now.
>
> The current master allows you to register validators and filters [1], which
> can be useful in your case. You could for instance register a filter which
> adds the headers you want.

I'm using Cornice 0.6 but I'll probably use the filters functionality
once 0.7 is released.

Until then I found a solution using lower level Pyramid features:

ALLOWED_ORIGIN = ('http://localhost', )

def add_cors_headers_response_callback(event):

def cors_headers(request, response):
if 'Origin' in request.headers:
origin = request.headers['Origin']
if origin in ALLOWED_ORIGIN:
response.headers['Access-Control-Allow-Origin'] = origin

event.request.add_response_callback(cors_headers)

And from the main function of the __init__.py module I register this
subscriber with:

from pyramid.events import NewRequest
config.add_subscriber(add_cors_headers_response_callback, NewRequest)

Nevertheless I prefer your solution since its a little bit easier.

Thanks a lot!

Reply all
Reply to author
Forward
0 new messages