Welcome to cherrypy-cors documentation!

• History

API

class cherrypy_cors.CORS(req_headers, resp_headers)

Bases: object

A generic CORS handler.

expose(allow_credentials, expose_headers, origins)

expose_public(expose_headers)

property origin

preflight(allowed_methods, allowed_headers, allow_credentials, max_age, origins)

property requested_headers

property requested_method

cherrypy_cors.expose(allow_credentials=False, expose_headers=None, origins=None)

Adds CORS support to the resource.

If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will echo the Origin request header, and Origin will be appended to the Vary response header.

Parameters:

• allow_credentials (bool) – Use credentials to make cookies work (see Access-Control-Allow-Credentials).

• expose_headers (list or None) – List of headers clients will be able to access (see Access-Control-Expose-Headers).

• origins (list or None) – List of allowed origins clients must reference.

Returns:

Whether the resource is being exposed.

Return type:

bool

• Configuration example:

  config = {
      '/static': {
          'tools.staticdir.on': True,
          'cors.expose.on': True,
      }
  }
  

• Decorator example:

  @cherrypy_cors.tools.expose()
  def DELETE(self):
      self._delete()
  

cherrypy_cors.expose_public(expose_headers=None)

Adds CORS support to the resource from any origin.

If the resource is allowed to be exposed, the value of the Access-Control-Allow-Origin header in the response will be *.

Parameters:

expose_headers (list or None) – List of headers clients will be able to access (see Access-Control-Expose-Headers).

Return type:

None

cherrypy_cors.install()

Install the toolbox such that it’s available in all applications.

cherrypy_cors.preflight(allowed_methods, allowed_headers=None, allow_credentials=False, max_age=None, origins=None)

Adds CORS preflight support to a HTTP OPTIONS request.

Parameters:

• allowed_methods (list or None) – List of supported HTTP methods (see Access-Control-Allow-Methods).

• allowed_headers (list or None) – List of supported HTTP headers (see Access-Control-Allow-Headers).

• allow_credentials (bool) – Use credentials to make cookies work (see Access-Control-Allow-Credentials).

• max_age (int) – Seconds to cache the preflight request (see Access-Control-Max-Age).

• origins (list or None) – List of allowed origins clients must reference.

Returns:

Whether the preflight is allowed.

Return type:

bool

• Used as a decorator with the Method Dispatcher

  @cherrypy_cors.tools.preflight(
      allowed_methods=["GET", "DELETE", "PUT"])
  def OPTIONS(self):
      pass
  

• Function call with the Object Dispatcher

  @cherrypy.expose
  @cherrypy.tools.allow(
      methods=["GET", "DELETE", "PUT", "OPTIONS"])
  def thing(self):
      if cherrypy.request.method == "OPTIONS":
          cherrypy_cors.preflight(
              allowed_methods=["GET", "DELETE", "PUT"])
      else:
          self._do_other_things()