From 00deee2517dc2592a98f7e145b5b2661c66fa686 Mon Sep 17 00:00:00 2001 From: zodecky <103199986+zodecky@users.noreply.github.com> Date: Wed, 6 Nov 2024 12:41:04 -0300 Subject: [PATCH] Delete middleware.py --- middleware.py | 136 -------------------------------------------------- 1 file changed, 136 deletions(-) delete mode 100644 middleware.py diff --git a/middleware.py b/middleware.py deleted file mode 100644 index c8767fa2a..000000000 --- a/middleware.py +++ /dev/null @@ -1,136 +0,0 @@ -from __future__ import annotations - -from typing import Any, Iterable, Optional, Union - -from .request import Request -from .response import Response - - -class CORSMiddleware(object): - """CORS Middleware. - - This middleware provides a simple out-of-the box CORS policy, including handling - of preflighted requests from the browser. - - See also: - - * https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - * https://www.w3.org/TR/cors/#resource-processing-model - - Keyword Arguments: - allow_origins (Union[str, Iterable[str]]): List of origins to allow (case - sensitive). The string ``'*'`` acts as a wildcard, matching every origin. - (default ``'*'``). - expose_headers (Optional[Union[str, Iterable[str]]]): List of additional - response headers to expose via the ``Access-Control-Expose-Headers`` - header. These headers are in addition to the CORS-safelisted ones: - ``Cache-Control``, ``Content-Language``, ``Content-Length``, - ``Content-Type``, ``Expires``, ``Last-Modified``, ``Pragma``. - (default ``None``). - - See also: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers - allow_credentials (Optional[Union[str, Iterable[str]]]): List of origins - (case sensitive) for which to allow credentials via the - ``Access-Control-Allow-Credentials`` header. - The string ``'*'`` acts as a wildcard, matching every allowed origin, - while ``None`` disallows all origins. This parameter takes effect only - if the origin is allowed by the ``allow_origins`` argument. - (Default ``None``). - - """ - - def __init__( - self, - allow_origins: Union[str, Iterable[str]] = '*', - expose_headers: Optional[Union[str, Iterable[str]]] = None, - allow_credentials: Optional[Union[str, Iterable[str]]] = None, - allow_private_network: bool = False, - ): - - if allow_origins == '*': - self.allow_origins = allow_origins - else: - if isinstance(allow_origins, str): - allow_origins = [allow_origins] - self.allow_origins = frozenset(allow_origins) - if '*' in self.allow_origins: - raise ValueError( - 'The wildcard string "*" may only be passed to allow_origins as a ' - 'string literal, not inside an iterable.' - ) - - if expose_headers is not None and not isinstance(expose_headers, str): - expose_headers = ', '.join(expose_headers) - self.expose_headers = expose_headers - - if allow_credentials is None: - allow_credentials = frozenset() - elif allow_credentials != '*': - if isinstance(allow_credentials, str): - allow_credentials = [allow_credentials] - allow_credentials = frozenset(allow_credentials) - if '*' in allow_credentials: - raise ValueError( - 'The wildcard string "*" may only be passed to allow_credentials ' - 'as a string literal, not inside an iterable.' - ) - self.allow_credentials = allow_credentials - - self.allow_private_network = allow_private_network - - def process_response( - self, req: Request, resp: Response, resource: object, req_succeeded: bool - ) -> None: - """Implement the CORS policy for all routes. - - This middleware provides a simple out-of-the box CORS policy, - including handling of preflighted requests from the browser. - - See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS - - See also: https://www.w3.org/TR/cors/#resource-processing-model - """ - - origin = req.get_header('Origin') - if origin is None: - return - - if self.allow_origins != '*' and origin not in self.allow_origins: - return - - if resp.get_header('Access-Control-Allow-Origin') is None: - set_origin = '*' if self.allow_origins == '*' else origin - if self.allow_credentials == '*' or origin in self.allow_credentials: - set_origin = origin - resp.set_header('Access-Control-Allow-Credentials', 'true') - resp.set_header('Access-Control-Allow-Origin', set_origin) - - if self.expose_headers: - resp.set_header('Access-Control-Expose-Headers', self.expose_headers) - - if ( - req_succeeded - and req.method == 'OPTIONS' - and req.get_header('Access-Control-Request-Method') - ): - # NOTE(kgriffs): This is a CORS preflight request. Patch the - # response accordingly. - - allow = resp.get_header('Allow') - resp.delete_header('Allow') - - allow_headers = req.get_header( - 'Access-Control-Request-Headers', default='*' - ) - - resp.set_header('Access-Control-Allow-Methods', allow) - resp.set_header('Access-Control-Allow-Headers', allow_headers) - resp.set_header('Access-Control-Max-Age', '86400') # 24 hours - - if self.allow_private_network and req.get_header('Access-Control-Request-Private-Network') == 'true': - resp.set_header('Access-Control-Allow-Private-Network', 'true') - - - async def process_response_async(self, *args: Any) -> None: - self.process_response(*args)