You can do that easily in web2py...
Below is a sample of a decorator that allows any origin.
Change it to fit your needs.
.
.
.
def cors_origin():
origin = request.env.http_origin
headers = {}
headers['Access-Control-Allow-Origin'] = origin
headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, HEAD, PUT'
headers['Access-Control-Allow-Headers'] = 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept'
headers['Access-Control-Allow-Credentials'] = 'true';
response.headers.update(headers)
if request.env.request_method == 'OPTIONS':
headers['Content-Type'] = None
raise HTTP(200, '', **headers)
def cors_allow(action):
def f(*args, **kwargs):
cors_origin()
return action(*args, **kwargs)
f.__doc__ = action.__doc__
f.__name__ = action.__name__
f.__dict__.update(action.__dict__)
return f