summaryrefslogtreecommitdiff
path: root/src/meetingtools/django-crossdomainxhr-middleware.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/meetingtools/django-crossdomainxhr-middleware.py')
-rw-r--r--src/meetingtools/django-crossdomainxhr-middleware.py44
1 files changed, 44 insertions, 0 deletions
diff --git a/src/meetingtools/django-crossdomainxhr-middleware.py b/src/meetingtools/django-crossdomainxhr-middleware.py
new file mode 100644
index 0000000..f525b9a
--- /dev/null
+++ b/src/meetingtools/django-crossdomainxhr-middleware.py
@@ -0,0 +1,44 @@
+import re
+
+from django.utils.text import compress_string
+from django.utils.cache import patch_vary_headers
+
+from django import http
+
+try:
+ import settings
+ XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
+ XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
+except:
+ XS_SHARING_ALLOWED_ORIGINS = '*'
+ XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE']
+
+
+class XsSharing(object):
+ """
+ This middleware allows cross-domain XHR using the html5 postMessage API.
+
+
+ Access-Control-Allow-Origin: http://foo.example
+ Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
+ """
+ def process_request(self, request):
+
+ if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
+ response = http.HttpResponse()
+ response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
+ response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
+
+ return response
+
+ return None
+
+ def process_response(self, request, response):
+ # Avoid unnecessary work
+ if response.has_header('Access-Control-Allow-Origin'):
+ return response
+
+ response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
+ response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
+
+ return response \ No newline at end of file
generated by cgit v1.1 at 2025-01-01 04:12:55 +0000