diff options
Diffstat (limited to 'src/meetingtools')
-rw-r--r-- | src/meetingtools/django-crossdomainxhr-middleware.py | 44 | ||||
-rw-r--r-- | src/meetingtools/settings.py | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/src/meetingtools/django-crossdomainxhr-middleware.py b/src/meetingtools/django-crossdomainxhr-middleware.py new file mode 100644 index 0000000..f525b9a --- /dev/null +++ b/src/meetingtools/django-crossdomainxhr-middleware.py @@ -0,0 +1,44 @@ +import re + +from django.utils.text import compress_string +from django.utils.cache import patch_vary_headers + +from django import http + +try: + import settings + XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS + XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS +except: + XS_SHARING_ALLOWED_ORIGINS = '*' + XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE'] + + +class XsSharing(object): + """ + This middleware allows cross-domain XHR using the html5 postMessage API. + + + Access-Control-Allow-Origin: http://foo.example + Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE + """ + def process_request(self, request): + + if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META: + response = http.HttpResponse() + response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS + response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) + + return response + + return None + + def process_response(self, request, response): + # Avoid unnecessary work + if response.has_header('Access-Control-Allow-Origin'): + return response + + response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS + response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS ) + + return response
\ No newline at end of file diff --git a/src/meetingtools/settings.py b/src/meetingtools/settings.py index 8835de9..7c7cc41 100644 --- a/src/meetingtools/settings.py +++ b/src/meetingtools/settings.py @@ -80,6 +80,7 @@ TEMPLATE_LOADERS = ( MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'meetingtools.urlmiddleware.UrlMiddleware', + 'meetingtools.django-crossdomainxhr-middleware.XsSharing', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.RemoteUserMiddleware' |