From 72420b3cd4fb1367b598523ed4f3b50cd3205af2 Mon Sep 17 00:00:00 2001
From: Lou Wolford
Date: Mon, 21 Mar 2016 14:36:13 -0400
Subject: [PATCH 1/3] fixed origin header
---
 adl_lrs/utils/AllowOriginMiddleware.py | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/adl_lrs/utils/AllowOriginMiddleware.py b/adl_lrs/utils/AllowOriginMiddleware.py
index 7048b4ec..02d8f9b7 100644
--- a/adl_lrs/utils/AllowOriginMiddleware.py
+++ b/adl_lrs/utils/AllowOriginMiddleware.py
@@ -1,13 +1,19 @@
 from django.http import HttpResponse
 class AllowOriginMiddleware(object):
- def process_request(self, request):
- if request.method == 'OPTIONS':
- return HttpResponse()
+ def process_request(self, request):
+ if request.method == 'OPTIONS':
+ return HttpResponse()
- def process_response(self, request, response):
- response['Access-Control-Allow-Origin'] = '*'
- response['Access-Control-Allow-Methods'] = 'HEAD, POST, GET, OPTIONS, DELETE, PUT'
- response['Access-Control-Allow-Headers'] = 'Content-Type,Content-Length,Authorization,If-Match,If-None-Match,X-Experience-API-Version, Accept-Language'
- response['Access-Control-Expose-Headers'] = 'ETag,Last-Modified,Cache-Control,Content-Type,Content-Length,WWW-Authenticate,X-Experience-API-Version, Accept-Language'
- return response
\ No newline at end of file
+ def process_response(self, request, response):
+ protocol = 'https' if request.is_secure() else 'http'
+ port = None
+ if 'SERVER_PORT' in request.META:
+ port = request.META['SERVER_PORT']
+ response['Access-Control-Allow-Origin'] = "%s://%s:%s" % (protocol, request.META['SERVER_NAME'], port)
+ else:
+ response['Access-Control-Allow-Origin'] = "%s://%s" % (protocol, request.META['SERVER_NAME'])
+ response['Access-Control-Allow-Methods'] = 'HEAD, POST, GET, OPTIONS, DELETE, PUT'
+ response['Access-Control-Allow-Headers'] = 'Content-Type,Content-Length,Authorization,If-Match,If-None-Match,X-Experience-API-Version, Accept-Language'
+ response['Access-Control-Expose-Headers'] = 'ETag,Last-Modified,Cache-Control,Content-Type,Content-Length,WWW-Authenticate,X-Experience-API-Version, Accept-Language'
+ return response
\ No newline at end of file
From 7d84bed2933507fc85bb7c37ec49bd16ae65f6d8 Mon Sep 17 00:00:00 2001
From: Lou Wolford
Date: Mon, 21 Mar 2016 22:20:45 -0400
Subject: [PATCH 2/3] added django cors
---
 adl_lrs/settings.py | 32 +++++++++++++++++++++++++++++++-
 requirements.txt | 1 +
 2 files changed, 32 insertions(+), 1 deletion(-)
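Review bot: In `process_response` of AllowOriginMiddleware.py the new `Access-Control-Allow-Origin` value is built from `SERVER_NAME` and `SERVER_PORT`, which describe the server and not the caller, so the header can only ever name the LRS's own origin and a genuinely cross-origin client will not match it. Under WSGI `SERVER_PORT` is always present, so the `else` branch is effectively dead and default ports produce values such as `https://host:443`, which browsers never send as an Origin. If the aim was to stop sending `*`, compare `request.META.get('HTTP_ORIGIN')` against a configured list of trusted origins, echo it only on a match and add `Vary: Origin`. The `port = None` assignment can go, and a short docstring on the class saying which clients are meant to be allowed would help.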
diff --git a/adl_lrs/settings.py b/adl_lrs/settings.py index c574167b..8c7d0698 100644 --- a/adl_lrs/settings.py +++ b/adl_lrs/settings.py @@ -183,12 +183,41 @@ "django.contrib.messages.context_processors.messages" ) +CORS_ORIGIN_ALLOW_ALL = True +CORS_ALLOW_CREDENTIALS = True +CORS_ALLOW_METHODS = ( + 'HEAD', + 'POST', + 'GET', + 'OPTIONS', + 'DELETE', + 'PUT' +) +CORS_ALLOW_HEADERS = ( + 'Content-Type', + 'Content-Length', + 'Authorization', + 'If-Match', + 'If-None-Match', + 'X-Experience-API-Version', + 'Accept-Language' +) +CORS_EXPOSE_HEADERS = ( + 'ETag', + 'Last-Modified', + 'Cache-Control', + 'Content-Type', + 'Content-Length', + 'WWW-Authenticate', + 'X-Experience-API-Version', + 'Accept-Language' +) MIDDLEWARE_CLASSES = ( + 'corsheaders.middleware.CorsMiddleware', 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', - 'adl_lrs.utils.AllowOriginMiddleware.AllowOriginMiddleware', # Uncomment the next line for simple clickjacking protection: 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) @@ -222,6 +251,7 @@ 'jsonify', 'south', 'endless_pagination', + 'corsheaders', ) REQUEST_HANDLER_LOG_DIR = path.join(PROJECT_ROOT, 'logs/django_request.log') diff --git a/requirements.txt b/requirements.txt index b2f92006..b1a5a229 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,6 +5,7 @@ bencode==1.0 psycopg2==2.5 isodate==0.4.9 pycrypto==2.5 +django-cors-headers==1.1.0 django-extensions==1.1.1 jsonfield==0.9.19 oauth2==1.5.211 From 7b90aaaed474e8d93eddb41a68a5ab94a55a48ef Mon Sep 17 00:00:00 2001 
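Review bot: `CORS_ORIGIN_ALLOW_ALL = True` together with `CORS_ALLOW_CREDENTIALS = True` in adl_lrs/settings.py opens credentialed cross-origin access to every site. A wildcard origin cannot be combined with `Access-Control-Allow-Credentials: true`, and as far as I know django-cors-headers then echoes the caller's Origin instead, so a page on any origin could send requests carrying the user's session cookie or browser-cached HTTP auth and read the responses. Prefer `CORS_ORIGIN_ALLOW_ALL = False` with the trusted client origins listed in `CORS_ORIGIN_WHITELIST`, or drop `CORS_ALLOW_CREDENTIALS` if clients only ever send an explicit `Authorization` header. A one-line comment above the block such as `# CORS: only the origins listed below may call the xAPI endpoints from a browser` would record the intent.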
From: Lou Wolford
Date: Mon, 21 Mar 2016 22:31:20 -0400
Subject: [PATCH 3/3] removed unused middleware
---
 adl_lrs/utils/AllowOriginMiddleware.py | 19 -------------------
 adl_lrs/utils/__init__.py | 0
 lrs/views.py | 2 +-
 3 files changed, 1 insertion(+), 20 deletions(-)
 delete mode 100644 adl_lrs/utils/AllowOriginMiddleware.py
 delete mode 100644 adl_lrs/utils/__init__.py
diff --git a/adl_lrs/utils/AllowOriginMiddleware.py b/adl_lrs/utils/AllowOriginMiddleware.py
deleted file mode 100644
index 02d8f9b7..00000000
--- a/adl_lrs/utils/AllowOriginMiddleware.py
+++ /dev/null
@@ -1,19 +0,0 @@
-from django.http import HttpResponse
-
-class AllowOriginMiddleware(object):
- def process_request(self, request):
- if request.method == 'OPTIONS':
- return HttpResponse()
-
- def process_response(self, request, response):
- protocol = 'https' if request.is_secure() else 'http'
- port = None
- if 'SERVER_PORT' in request.META:
- port = request.META['SERVER_PORT']
- response['Access-Control-Allow-Origin'] = "%s://%s:%s" % (protocol, request.META['SERVER_NAME'], port)
- else:
- response['Access-Control-Allow-Origin'] = "%s://%s" % (protocol, request.META['SERVER_NAME'])
- response['Access-Control-Allow-Methods'] = 'HEAD, POST, GET, OPTIONS, DELETE, PUT'
- response['Access-Control-Allow-Headers'] = 'Content-Type,Content-Length,Authorization,If-Match,If-None-Match,X-Experience-API-Version, Accept-Language'
- response['Access-Control-Expose-Headers'] = 'ETag,Last-Modified,Cache-Control,Content-Type,Content-Length,WWW-Authenticate,X-Experience-API-Version, Accept-Language'
- return response
\ No newline at end of file
diff --git a/adl_lrs/utils/__init__.py b/adl_lrs/utils/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/lrs/views.py b/lrs/views.py
index fcb53460..ac1a7777 100644
--- a/lrs/views.py
+++ b/lrs/views.py
@@ -65,7 +65,7 @@ def about(request): } } } - } + } return HttpResponse(json.dumps(lrs_data), mimetype="application/json", status=200) @require_http_methods(["GET", "HEAD"])