是否可以自动将Access-Control-Allow-Origin
标头添加到由金字塔中的ajax请求(带标头X-Requested-With
)启动的所有响应中?
答案 0 :(得分:16)
有几种方法可以做到这一点:1)像drnextgis这样的自定义请求工厂,NewRequest事件处理程序或补间。补间几乎肯定不是正确的方法,所以我不会表明这一点。这是事件处理程序版本:
def add_cors_headers_response_callback(event):
def cors_headers(request, response):
response.headers.update({
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST,GET,DELETE,PUT,OPTIONS',
'Access-Control-Allow-Headers': 'Origin, Content-Type, Accept, Authorization',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Max-Age': '1728000',
})
event.request.add_response_callback(cors_headers)
from pyramid.events import NewRequest
config.add_subscriber(add_cors_headers_response_callback, NewRequest)
答案 1 :(得分:7)
我使用set_request_factory
解决了问题:
from pyramid.request import Request
from pyramid.request import Response
def request_factory(environ):
request = Request(environ)
if request.is_xhr:
request.response = Response()
request.response.headerlist = []
request.response.headerlist.extend(
(
('Access-Control-Allow-Origin', '*'),
('Content-Type', 'application/json')
)
)
return request
config.set_request_factory(request_factory)
答案 2 :(得分:1)
我通过创建响应回调:pyramid.events.NewResponse
cors.py
from pyramid.security import NO_PERMISSION_REQUIRED
def includeme(config):
config.add_directive(
'add_cors_preflight_handler', add_cors_preflight_handler)
config.add_route_predicate('cors_preflight', CorsPreflightPredicate)
config.add_subscriber(add_cors_to_response, 'pyramid.events.NewResponse')
class CorsPreflightPredicate(object):
def __init__(self, val, config):
self.val = val
def text(self):
return 'cors_preflight = %s' % bool(self.val)
phash = text
def __call__(self, context, request):
if not self.val:
return False
return (
request.method == 'OPTIONS' and
'HTTP_ORIGIN' in request.headers.environ and
'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.headers.environ
)
def add_cors_preflight_handler(config):
config.add_route(
'cors-options-preflight', '/{catch_all:.*}',
cors_preflight=True,
)
config.add_view(
cors_options_view,
route_name='cors-options-preflight',
permission=NO_PERMISSION_REQUIRED,
)
def add_cors_to_response(event):
request = event.request
response = event.response
if 'HTTP_ORIGIN' in request.headers.environ:
response.headers.update({
'Access-Control-Allow-Origin': '*',
'Access-Control-Expose-Headers': 'Content-Type,Date,Content-Length,Authorization,X-Request-ID',
'Access-Control-Allow-Methods': 'POST,GET,DELETE,PUT,OPTIONS',
'Access-Control-Allow-Headers': 'Origin, Content-Type, Accept, Accept-Language, Authorization ,X-Request-ID',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Max-Age': '1728000',
})
def cors_options_view(context, request):
response = request.response
if 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' in request.headers.environ:
response.headers.update({
'Access-Control-Allow-Origin': '*',
'Access-Control-Expose-Headers': 'Content-Type,Date,Content-Length,Authorization,X-Request-ID',
'Access-Control-Allow-Methods': 'POST,GET,DELETE,PUT,OPTIONS',
'Access-Control-Allow-Headers': 'Origin, Content-Type, Accept, Accept-Language, Authorization ,X-Request-ID',
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Max-Age': '1728000',
})
else:
response.headers['HTTP_ACCESS_CONTROL_ALLOW_HEADERS'] = (
'Origin,Content-Type,Accept,Accept-Language,Authorization,X-Request-ID')
return response
最后,在您自己的Configurator对象上添加以下两行:
# cors
config.include('FileManager.classes.cors')
# make sure to add this before other routes to intercept OPTIONS
config.add_cors_preflight_handler()
答案 3 :(得分:0)
这是另一种解决方案:
from pyramid.events import NewResponse, subscriber
@subscriber(NewResponse)
def add_cors_headers(event):
if event.request.is_xhr:
event.response.headers.update({
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET',
})