Welcome to cherrypy-cors documentation!#
API#
- class cherrypy_cors.CORS(req_headers, resp_headers)#
Bases:
object
A generic CORS handler.
- expose(allow_credentials, expose_headers, origins)#
- expose_public(expose_headers)#
- property origin#
- preflight(allowed_methods, allowed_headers, allow_credentials, max_age, origins)#
- property requested_headers#
- property requested_method#
- cherrypy_cors.expose(allow_credentials=False, expose_headers=None, origins=None)#
Adds CORS support to the resource.
If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will echo the Origin request header, and Origin will be appended to the Vary response header.
- Parameters:
allow_credentials (bool) – Use credentials to make cookies work (see Access-Control-Allow-Credentials).
expose_headers (list or None) – List of headers clients will be able to access (see Access-Control-Expose-Headers).
origins (list or None) – List of allowed origins clients must reference.
- Returns:
Whether the resource is being exposed.
- Return type:
Configuration example:
config = { '/static': { 'tools.staticdir.on': True, 'cors.expose.on': True, } }
Decorator example:
@cherrypy_cors.tools.expose() def DELETE(self): self._delete()
- cherrypy_cors.expose_public(expose_headers=None)#
Adds CORS support to the resource from any origin.
If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will be *.
- Parameters:
expose_headers (list or None) – List of headers clients will be able to access (see Access-Control-Expose-Headers).
- Return type:
None
- cherrypy_cors.install()#
Install the toolbox such that it’s available in all applications.
- cherrypy_cors.preflight(allowed_methods, allowed_headers=None, allow_credentials=False, max_age=None, origins=None)#
Adds CORS preflight support to a HTTP OPTIONS request.
- Parameters:
allowed_methods (list or None) – List of supported HTTP methods (see Access-Control-Allow-Methods).
allowed_headers (list or None) – List of supported HTTP headers (see Access-Control-Allow-Headers).
allow_credentials (bool) – Use credentials to make cookies work (see Access-Control-Allow-Credentials).
max_age (int) – Seconds to cache the preflight request (see Access-Control-Max-Age).
origins (list or None) – List of allowed origins clients must reference.
- Returns:
Whether the preflight is allowed.
- Return type:
Used as a decorator with the Method Dispatcher
@cherrypy_cors.tools.preflight( allowed_methods=["GET", "DELETE", "PUT"]) def OPTIONS(self): pass
Function call with the Object Dispatcher
@cherrypy.expose @cherrypy.tools.allow( methods=["GET", "DELETE", "PUT", "OPTIONS"]) def thing(self): if cherrypy.request.method == "OPTIONS": cherrypy_cors.preflight( allowed_methods=["GET", "DELETE", "PUT"]) else: self._do_other_things()