xdomain magic?

author: Leif Johansson <leifj@sunet.se> 2011-06-13 11:17:27 +0200
committer: Leif Johansson <leifj@sunet.se> 2011-06-13 11:17:27 +0200
commit: 13302bef1c1ae719a03d698f75e86cdab234a402 (patch)
tree: 6c6f06d581244a7a1f1526e4e7ea27b1f3f317af /src/meetingtools
parent: 69d15e96926819f2136d626041d850f36df67a88 (diff)
2 files changed, 45 insertions, 0 deletions
diff --git a/src/meetingtools/django-crossdomainxhr-middleware.py b/src/meetingtools/django-crossdomainxhr-middleware.py
new file mode 100644
index 0000000..f525b9a
--- /dev/null
+++ b/src/meetingtools/django-crossdomainxhr-middleware.py
@@ -0,0 +1,44 @@
+import re
+
+from django.utils.text import compress_string
+from django.utils.cache import patch_vary_headers
+
+from django import http
+
+try:
+    import settings 
+    XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
+    XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
+except:
+    XS_SHARING_ALLOWED_ORIGINS = '*'
+    XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE']
+
+
+class XsSharing(object):
+    """
+        This middleware allows cross-domain XHR using the html5 postMessage API.
+         
+
+        Access-Control-Allow-Origin: http://foo.example
+        Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
+    """
+    def process_request(self, request):
+
+        if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
+            response = http.HttpResponse()
+            response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS 
+            response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) 
+            
+            return response
+
+        return None
+
+    def process_response(self, request, response):
+        # Avoid unnecessary work
+        if response.has_header('Access-Control-Allow-Origin'):
+            return response
+
+        response['Access-Control-Allow-Origin']  = XS_SHARING_ALLOWED_ORIGINS 
+        response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
+
+        return response
+\ No newline at end of file
diff --git a/src/meetingtools/settings.py b/src/meetingtools/settings.py
index 8835de9..7c7cc41 100644
--- a/src/meetingtools/settings.py
+++ b/src/meetingtools/settings.py
@@ -80,6 +80,7 @@ TEMPLATE_LOADERS = (
 MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'meetingtools.urlmiddleware.UrlMiddleware',
+    'meetingtools.django-crossdomainxhr-middleware.XsSharing',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.auth.middleware.RemoteUserMiddleware'
author	Leif Johansson <leifj@sunet.se>	2011-06-13 11:17:27 +0200
committer	Leif Johansson <leifj@sunet.se>	2011-06-13 11:17:27 +0200
commit	13302bef1c1ae719a03d698f75e86cdab234a402 (patch)
tree	6c6f06d581244a7a1f1526e4e7ea27b1f3f317af /src/meetingtools
parent	69d15e96926819f2136d626041d850f36df67a88 (diff)