https://img.shields.io/pypi/v/cherrypy_cors.svg https://img.shields.io/pypi/pyversions/cherrypy_cors.svghttps://img.shields.io/pypi/dm/cherrypy_cors.svghttps://img.shields.io/travis/yougov/cherrypy-cors/master.svg

CORS support for CherryPy

License

License is indicated in the project metadata (typically one or more of the Trove classifiers). For more details, see this explanation.

In a nutshell

In your application, either install the tool globally.

import cherrypy_cors
cherrypy_cors.install()

Or add it to your application explicitly.

import cherrypy_cors
app = cherrypy.tree.mount(...)
app.toolboxes['cors'] = cherrypy_cors.tools

Then, enable it in your cherrypy config. For example, to enable it for all static resources.

config = {
    '/static': {
        'tools.staticdir.on': True,
        'cors.expose.on': True,
    }
}

See simple-example for a runnable example.

API

cherrypy_cors.expose(allow_credentials=False, expose_headers=None, origins=None)

Adds CORS support to the resource.

If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will echo the Origin request header, and Origin will be appended to the Vary response header.

Parameters
  • allow_credentials (bool) – Use credentials to make cookies work (see Access-Control-Allow-Credentials).

  • expose_headers (list or NoneType) – List of headers clients will be able to access (see Access-Control-Expose-Headers).

  • origins (list or NoneType) – List of allowed origins clients must reference.

Returns

Whether the resource is being exposed.

Return type

bool

  • Configuration example:

    config = {
        '/static': {
            'tools.staticdir.on': True,
            'cors.expose.on': True,
        }
    }
    
  • Decorator example:

    @cherrypy_cors.tools.expose()
    def DELETE(self):
        self._delete()
    
cherrypy_cors.expose_public(expose_headers=None)

Adds CORS support to the resource from any origin.

If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will be *.

Parameters

expose_headers (list or NoneType) – List of headers clients will be able to access (see Access-Control-Expose-Headers).

Return type

NoneType

cherrypy_cors.preflight(allowed_methods, allowed_headers=None, allow_credentials=False, max_age=None, origins=None)

Adds CORS preflight support to a HTTP OPTIONS request.

Parameters
Returns

Whether the preflight is allowed.

Return type

bool

  • Used as a decorator with the Method Dispatcher

    @cherrypy_cors.tools.preflight(
        allowed_methods=["GET", "DELETE", "PUT"])
    def OPTIONS(self):
        pass
    
  • Function call with the Object Dispatcher

    @cherrypy.expose
    @cherrypy.tools.allow(
        methods=["GET", "DELETE", "PUT", "OPTIONS"])
    def thing(self):
        if cherrypy.request.method == "OPTIONS":
            cherrypy_cors.preflight(
                allowed_methods=["GET", "DELETE", "PUT"])
        else:
            self._do_other_things()
    
cherrypy_cors.install()

Install the toolbox such that it’s available in all applications.

class cherrypy_cors.CORS(req_headers, resp_headers)

A generic CORS handler.