librelist archives

« back to archive

Enable CORS

Enable CORS

From:
Sumej
Date:
2015-05-11 @ 11:34
Hello, 
I try to setup headers: origin_domain = req.get_header("Origin", required=True) 
resp.set_headers({             'Cache-Control': 'no-store, 
must-revalidate, no-cache, max-age=0',             'Content-Type': 
'application/json; charset=utf-8',             
'Access-Control-Allow-Credentials': 'true',             'Server': 
SERVER_NAME,             'Access-Control-Allow-Origin': ['*' if 
CORS_ACTIVE else SERVER_NAME],             'Access-Control-Allow-Headers':
'Origin, X-Requested-With, Content-Type, Accept, x-auth-user, 
x-auth-password, Authorization',             
'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS, DELETE'         
}) 
but I don't see those headers: 0.1.10 & 0.2.0 
Regards. 

Re: [falcon] Enable CORS

From:
Oscar Carballal
Date:
2015-05-11 @ 11:47
Could you be a bit more specific? That code seems pulled directly from my
project...

In my project I'm using 0.2.0 and it works perfectly fine :)

Regards,
Oscar

--
Oscar Carballal Prego - Senior Software Developer
http://oscarcp.com | @pizte

On 11 May 2015 at 12:34, Sumej <valeranew@ukr.net> wrote:

> Hello,
>
> I try to setup headers:
> origin_domain = req.get_header("Origin", required=True)
> resp.set_headers({
>             'Cache-Control': 'no-store, must-revalidate, no-cache,
> max-age=0',
>             'Content-Type': 'application/json; charset=utf-8',
>             'Access-Control-Allow-Credentials': 'true',
>             'Server': SERVER_NAME,
>             'Access-Control-Allow-Origin': ['*' if CORS_ACTIVE else
> SERVER_NAME],
>             'Access-Control-Allow-Headers': 'Origin, X-Requested-With,
> Content-Type, Accept, x-auth-user, x-auth-password, Authorization',
>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
> DELETE'
>         })
>
> but I don't see those headers: 0.1.10 & 0.2.0
>
> Regards.
>

Re[2]: [falcon] Enable CORS

From:
Sumej
Date:
2015-05-11 @ 12:27
Hi, I copied 
from https://github.com/clione/sikre/blob/master/sikre/middleware/headers.py
code: 
But it not worked because: # python2.7 Python 2.7.3 (default, Dec 18 2014,
19:10:20) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or 
"license" for more information. >>> import re >>> expression = 
re.compile("^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w 
\.-]*)*\/?$") Traceback (most recent call last):   File "<stdin>", line 1,
in <module>   File "/usr/lib/python2.7/re.py", line 190, in compile     
return _compile(pattern, flags)   File "/usr/lib/python2.7/re.py", line 
242, in _compile     raise error, v # invalid expression 
sre_constants.error: nothing to repeat >>> 
I change it to:         res.set_headers({             'Cache-Control': 
'no-store, must-revalidate, no-cache, max-age=0',             
'Content-Type': 'application/json; charset=utf-8',             
'Access-Control-Allow-Credentials': 'true',             'Server': 
SERVER_NAME,             'Access-Control-Allow-Origin': '*',             
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, 
Accept, x-auth-user, x-auth-password, Authorization',             
'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS, DELETE'         
}) 
But when I try to see changes through curl -v or google chrome developer 
console: there aren't those headers. PS: I tried in my class and in 
midleware. 

Regards. 
Could you be a bit more specific? That code seems pulled directly from my 
project... 
In my project I'm using 0.2.0 and it works perfectly fine :) 
Regards, 
Oscar 

-- 
Oscar Carballal Prego - Senior Software Developer 
http://oscarcp.com | @pizte 

On 11 May 2015 at 12:34, Sumej < valeranew@ukr.net > wrote: 
Hello, 
I try to setup headers: origin_domain = req.get_header("Origin", required=True) 
resp.set_headers({             'Cache-Control': 'no-store, 
must-revalidate, no-cache, max-age=0',             'Content-Type': 
'application/json; charset=utf-8',             
'Access-Control-Allow-Credentials': 'true',             'Server': 
SERVER_NAME,             'Access-Control-Allow-Origin': ['*' if 
CORS_ACTIVE else SERVER_NAME],             'Access-Control-Allow-Headers':
'Origin, X-Requested-With, Content-Type, Accept, x-auth-user, 
x-auth-password, Authorization',             
'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS, DELETE'         
}) 
but I don't see those headers: 0.1.10 & 0.2.0 
Regards. 

Re: Re[2]: [falcon] Enable CORS

From:
Oscar Carballal
Date:
2015-05-11 @ 12:49
Yeah, first, the code from my project only works on Python 3, but this
specific part should run without problem in Python 2.7.

For this to work you need to be using falcon 0.2.x and trigger it as a
middleware as you can see in
https://github.com/clione/sikre/blob/master/app.py#L53

Apart from that, SERVER_NAME and CORS_ACTIVE are settings loaded from the
settings file here:
https://github.com/clione/sikre/blob/master/sikre/settings/development.py#L28

In Chrome, you can check if the headers came back to you in the network tab
of the developer console: http://i.imgur.com/j5XviDz.png (that is sikre on
falcon 0.2)

When you run the project do you see any errors or warnings?. Remember that
before falcon 0.2 the middleware didn't exist, they were hooks.

Regards,
Oscar

--
Oscar Carballal Prego - Senior Software Developer
http://oscarcp.com | @pizte

On 11 May 2015 at 13:27, Sumej <valeranew@ukr.net> wrote:

> Hi,
> I copied from
> https://github.com/clione/sikre/blob/master/sikre/middleware/headers.py
> code:
>
> But it not worked because:
> # python2.7
> Python 2.7.3 (default, Dec 18 2014, 19:10:20)
> [GCC 4.6.3] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import re
> >>> expression =
> re.compile("^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$")
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib/python2.7/re.py", line 190, in compile
>   & nbsp; return _compile(pattern, flags)
>   File "/usr/lib/python2.7/re.py", line 242, in _compile
>     raise error, v # invalid expression
> sre_constants.error: nothing to repeat
> >>>
>
> I change it to:
>         res.set_headers({
>             'Cache-Control': 'no-store, must-revalidate, no-cache,
> max-age=0',
>             'Content-Type': 'application/json; charset=utf-8',
>             'Access-Control-Allow-Credentials': 'true',
>             'Server': SERVER_NAME,
>             'Access-Control-Allow-Origin': '*',
>       &nbs p;     'Access-Control-Allow-Headers': 'Origin,
> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
> Authorization',
>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
> DELETE'
>         })
>
> But when I try to see changes through curl -v or google chrome developer
> console: there aren't those headers.
> PS:
> I tried in my class and in midleware.
>
>
> Regards.
>
> Could you be a bit more specific? That code seems pulled directly from my
> project...
>
> In my project I'm using 0.2.0 and it works perfectly fine :)
>
> Regards,
> Oscar
>
> --
> Oscar Carballal Prego - Senior Software Developer
> http://oscarcp.com | @pizte
>
> On 11 May 2015 at 12:34, Sumej <valeranew@ukr.net> wrote:
>
> Hello,
>
> I try to setup headers:
> origin_domain = req.get_header("Origin", required=True)
> resp.set_headers({
>             'Cache-Control': 'no-store, must-revalidate, no-cache,
> max-age=0',
>             'Content-Type': 'application/json; charset=utf-8',
>             'Access-Control-Allow-Credentials': 'true',
>             'Server': SERVER_NAME,
>             'Access-Control-Allow-Origin': ['*' if CORS_ACTIVE else
> SERVER_NAME],
>           &nbs p; 'Access-Control-Allow-Headers': 'Origin,
> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
> Authorization',
>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
> DELETE'
>         })
>
> but I don't see those headers: 0.1.10 & 0.2.0
>
> Regards.
>
>
>
>

Re: Re[2]: [falcon] Enable CORS

From:
Oscar Carballal
Date:
2015-05-11 @ 12:51
Oh, I almost forgot: if you're testing from you local machine it won't
work. The regular expression will fail.

Regards,
Oscar

--
Oscar Carballal Prego - Senior Software Developer
http://oscarcp.com | @pizte

On 11 May 2015 at 13:49, Oscar Carballal <oscar.carballal@gmail.com> wrote:

> Yeah, first, the code from my project only works on Python 3, but this
> specific part should run without problem in Python 2.7.
>
> For this to work you need to be using falcon 0.2.x and trigger it as a
> middleware as you can see in
> https://github.com/clione/sikre/blob/master/app.py#L53
>
> Apart from that, SERVER_NAME and CORS_ACTIVE are settings loaded from the
> settings file here:
> https://github.com/clione/sikre/blob/master/sikre/settings/development.py#L28
>
> In Chrome, you can check if the headers came back to you in the network
> tab of the developer console: http://i.imgur.com/j5XviDz.png (that is
> sikre on falcon 0.2)
>
> When you run the project do you see any errors or warnings?. Remember that
> before falcon 0.2 the middleware didn't exist, they were hooks.
>
> Regards,
> Oscar
>
> --
> Oscar Carballal Prego - Senior Software Developer
> http://oscarcp.com | @pizte
>
> On 11 May 2015 at 13:27, Sumej <valeranew@ukr.net> wrote:
>
>> Hi,
>> I copied from
>> https://github.com/clione/sikre/blob/master/sikre/middleware/headers.py
>> code:
>>
>> But it not worked because:
>> # python2.7
>> Python 2.7.3 (default, Dec 18 2014, 19:10:20)
>> [GCC 4.6.3] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>> >>> import re
>> >>> expression =
>> re.compile("^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$")
>> Traceback (most recent call last):
>>   File "<stdin>", line 1, in <module>
>>   File "/usr/lib/python2.7/re.py", line 190, in compile
>>   & nbsp; return _compile(pattern, flags)
>>   File "/usr/lib/python2.7/re.py", line 242, in _compile
>>     raise error, v # invalid expression
>> sre_constants.error: nothing to repeat
>> >>>
>>
>> I change it to:
>>         res.set_headers({
>>             'Cache-Control': 'no-store, must-revalidate, no-cache,
>> max-age=0',
>>             'Content-Type': 'application/json; charset=utf-8',
>>             'Access-Control-Allow-Credentials': 'true',
>>             'Server': SERVER_NAME,
>>             'Access-Control-Allow-Origin': '*',
>>       &nbs p;     'Access-Control-Allow-Headers': 'Origin,
>> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
>> Authorization',
>>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
>> DELETE'
>>         })
>>
>> But when I try to see changes through curl -v or google chrome developer
>> console: there aren't those headers.
>> PS:
>> I tried in my class and in midleware.
>>
>>
>> Regards.
>>
>> Could you be a bit more specific? That code seems pulled directly from my
>> project...
>>
>> In my project I'm using 0.2.0 and it works perfectly fine :)
>>
>> Regards,
>> Oscar
>>
>> --
>> Oscar Carballal Prego - Senior Software Developer
>> http://oscarcp.com | @pizte
>>
>> On 11 May 2015 at 12:34, Sumej <valeranew@ukr.net> wrote:
>>
>> Hello,
>>
>> I try to setup headers:
>> origin_domain = req.get_header("Origin", required=True)
>> resp.set_headers({
>>             'Cache-Control': 'no-store, must-revalidate, no-cache,
>> max-age=0',
>>             'Content-Type': 'application/json; charset=utf-8',
>>             'Access-Control-Allow-Credentials': 'true',
>>             'Server': SERVER_NAME,
>>             'Access-Control-Allow-Origin': ['*' if CORS_ACTIVE else
>> SERVER_NAME],
>>           &nbs p; 'Access-Control-Allow-Headers': 'Origin,
>> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
>> Authorization',
>>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
>> DELETE'
>>         })
>>
>> but I don't see those headers: 0.1.10 & 0.2.0
>>
>> Regards.
>>
>>
>>
>>
>

Re[2]: Re[2]: [falcon] Enable CORS

From:
Sumej
Date:
2015-05-12 @ 05:36
Hi, It was my fault  - I ran code without middleware =) All works fine. 
>Oh, I almost forgot: if you're testing from you local machine it won't 
work. The regular expression will fail. I haven't understand purpose of 
this regular expression. Can you explain? 

Oh, I almost forgot: if you're testing from you local machine it won't 
work. The regular expression will fail. 
Regards, 
Oscar 

-- 
Oscar Carballal Prego - Senior Software Developer 
http://oscarcp.com | @pizte 

On 11 May 2015 at 13:49, Oscar Carballal < oscar.carballal@gmail.com > wrote: 
Yeah, first, the code from my project only works on Python 3, but this 
specific part should run without problem in Python 2.7. 
For this to work you need to be using falcon 0.2.x and trigger it as a 
middleware as you can see in  
https://github.com/clione/sikre/blob/master/app.py#L53 
Apart from that, SERVER_NAME and CORS_ACTIVE are settings loaded from the 
settings file here:  
https://github.com/clione/sikre/blob/master/sikre/settings/development 
.py#L28 
In Chrome, you can check if the headers came back to you in the network 
tab of the developer console:  http://i.imgur.com/j5XviDz.png (that is 
sikre on falcon 0.2) 
When you run the project do you see any errors or warnings?. Remember that
before falcon 0.2 the middleware didn't exist, they were hooks. 
Regards, 
Oscar 

-- 
Oscar Carballal Prego - Senior Software Developer 
http://oscarcp.com | @pizte 

On 11 May 2015 at 13:27, Sumej < valeranew@ukr.net > wrote: 
Hi, I copied from  
https://github.com/clione/sikre/blob/master/sikre/middleware/headers.py 
code: 
But it not worked because: # python2.7 Python 2.7.3 (default, Dec 18 2014,
19:10:20) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or 
"license" for more information. >>> import re >>> expression = 
re.compile("^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w 
\.-]*)*\/?$") Traceback (most recent call last):   File "<stdin>", line 1,
in <module>   File "/usr/lib/python2.7/re.py", line 190, in compile   & 
nbsp; return _compile(pattern, flags)   File "/usr/lib/python2.7/re.py", 
line 242, in _compile     raise error, v # invalid expression 
sre_constants.error: nothing to repeat >>> 
I change it to:         res.set_headers({             'Cache-Control': 
'no-store, must-revalidate, no-cache, max-age=0',             
'Content-Type': 'application/json; charset=utf-8',             
'Access-Control-Allow-Credentials': 'true',             'Server': 
SERVER_NAME,             'Access-Control-Allow-Origin': '*',       &nbs p;
    'Access-Control-Allow-Headers': 'Origin, X-Requested-With, 
Content-Type, Accept, x-auth-user, x-auth-password, Authorization',       
     'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS, DELETE'    
    }) 
But when I try to see changes through curl -v or google chrome developer 
console: there aren't those headers. PS: I tried in my class and in 
midleware. 

Regards. 
Could you be a bit more specific? That code seems pulled directly from my 
project... 
In my project I'm using 0.2.0 and it works perfectly fine :) 
Regards, 
Oscar 

-- 
Oscar Carballal Prego - Senior Software Developer 
http://oscarcp.com | @pizte 

On 11 May 2015 at 12:34, Sumej < valeranew@ukr.net > wrote: 
Hello, 
I try to setup headers: origin_domain = req.get_header("Origin", required=True) 
resp.set_headers({             'Cache-Control': 'no-store, 
must-revalidate, no-cache, max-age=0',             'Content-Type': 
'application/json; charset=utf-8',             
'Access-Control-Allow-Credentials': 'true',             'Server': 
SERVER_NAME,             'Access-Control-Allow-Origin': ['*' if 
CORS_ACTIVE else SERVER_NAME],           &nbs p; 
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, 
Accept, x-auth-user, x-auth-password, Authorization',             
'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS, DELETE'         
}) 
but I don't see those headers: 0.1.10 & 0.2.0 
Regards. 


Re: Re[2]: Re[2]: [falcon] Enable CORS

From:
Oscar Carballal
Date:
2015-05-12 @ 06:39
Sure!.

In my use case, to enable full CORS I change the "Origin" header in the
response to match the origin address that made the request.

To be sure that no one hijacks the connection easily, the regular
expression checks that every incoming connection has a valid Origin header
(must be a website address) or otherwise the API doesn't respond to the
client.

Regards,
Oscar

--
Oscar Carballal Prego - Senior Software Developer
http://oscarcp.com | @pizte

On 12 May 2015 at 06:36, Sumej <valeranew@ukr.net> wrote:

> Hi,
> It was my fault  - I ran code without middleware =) All works fine.
>
> >Oh, I almost forgot: if you're testing from you local machine it won't
> work. The regular expression will fail.
> I haven't understand purpose of this regular expression. Can you explain?
>
>
> Oh, I almost forgot: if you're testing from you local machine it won't
> work. The regular expression will fail.
>
> Regards,
> Oscar
>
> --
> Oscar Carballal Prego - Senior Software Developer
> http://oscarcp.com | @pizte
>
> On 11 May 2015 at 13:49, Oscar Carballal <oscar.carballal@gmail.com>
> wrote:
>
> Yeah, first, the code from my project only works on Python 3, but this
> specific part should run without problem in Python 2.7.
>
> For this to work you need to be using falcon 0.2.x and trigger it as a
> middleware as you can see in
> https://github.com/clione/sikre/blob/master/app.py#L53
>
> Apart from that, SERVER_NAME and CORS_ACTIVE are settings loaded from the
> settings file here: 
https://github.com/clione/sikre/blob/master/sikre/settings/developmen
> t .py#L28
> <https://github.com/clione/sikre/blob/master/sikre/settings/development.py#L28>
>
> In Chrome, you can check if the headers came back to you in the network
> tab of the developer console: http://i.imgur.com/j5XviDz.png (that is
> sikre on falcon 0.2)
>
> When you run the project do you see any errors or warnings?. Remember that
> before falcon 0.2 the middleware didn't exist, they were hooks.
>
> Regards,
> Oscar
>
> --
> Oscar Carballal Prego - Senior Software Developer
> http://oscarcp.com | @pizte
>
> On 11 May 2015 at 13:27, Sumej <valeranew@ukr.net> wrote:
>
> Hi,
> I copied from
> https://github.com/clione/sikre/blob/master/sikre/middleware/headers.py
> code:
>
> But it not worked because:
> # python2.7
> Python 2.7.3 (default, Dec 18 2014, 19:10:20)
> [GCC 4.6.3] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import re
> >>> expression = re.compi
> le("^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$")
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib/python2.7/re.py", line 190, in compile
>   & nbsp; return _compile(pattern, flags)
>   File "/usr/lib/python2.7/re.py", line 242, in _compile
>     raise error, v # invalid expression
> sre_constants.error: nothing to repeat
> >>>
>
> I change it to:
>         res.set_headers({
>             'Cache-Control': 'no-store, must-revalidate, no-cache,
> max-age=0',
>             'Content-Type': 'application/json; charset=utf-8',
>             'Access-Control-Allow-Credentials': 'true',
>             'Server': SERVER_NAME,
>             'Access-Control-Allow-Origin': '*',
>     ;   &nbs p;     'Access-Control-Allow-Headers': 'Origin,
> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
> Authorization',
>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
> DELETE'
>         })
>
> But when I try to see changes through curl -v or google chrome developer
> console: there aren't those headers.
> PS:
> I tried in my class and in midleware.
>
>
> Regards.
>
> Could you be a bit more specific? That code seems pulled directly from my
> project...
>
> In my project I'm using 0.2.0 and it works perfectly fine :)
>
> Regards,
> Oscar
>
> --
> Oscar Carballal Prego - Senior Software Developer
> http://oscarcp.com | @pizte
>
> On 11 May 2015 at 12:34, Sumej <valeranew@ukr.net> wrote:
>
> Hello,
>
> I try to setup headers:
> origin_domain = req.get_header("Origin", required=True)
> resp.set_headers({
>             'Cache-Control': 'no-store, must-revalidate, no-cache,
> max-age=0',
>             'Content-Type': 'application/json; charset=utf-8',
>             'Access-Control-Allow-Credentials': 'true',
>             'Server': SERVER_NAME,
>             'Access-Control-Allow-Origin': ['*' if CORS_ACTIVE else
> SERVER_NAME],
>           &nbs p; 'Access-Control-Allow-Headers': 'Origin,
> X-Requested-With, Content-Type, Accept, x-auth-user, x-auth-password,
> Authorization',
>             'Access-Control-Allow-Methods': 'GET, PUT, POST, OPTIONS,
> DELETE'
>         })
>
> but I don't see those headers: 0.1.10 & 0.2.0
>
> Regards.
>
>
>
>
>
>