45 lines
1.5 KiB
Python
45 lines
1.5 KiB
Python
from collections.abc import Awaitable, Callable, Collection, Iterable
|
|
|
|
from aiohttp import web
|
|
from aiohttp.typedefs import Middleware
|
|
from aiohttp.web_middlewares import middleware
|
|
from aiohttp.web_request import Request
|
|
from aiohttp.web_response import StreamResponse
|
|
|
|
Handler = Callable[[Request], Awaitable[StreamResponse]]
|
|
|
|
|
|
def cors(
|
|
*,
|
|
allow_headers: Iterable[str],
|
|
allow_origins: Collection[str],
|
|
expose_headers: Iterable[str],
|
|
) -> Middleware:
|
|
@middleware
|
|
async def impl(request: Request, handler: Handler) -> StreamResponse:
|
|
origin = request.headers.get("Origin")
|
|
if not origin:
|
|
return await handler(request)
|
|
|
|
if origin not in allow_origins:
|
|
return web.Response(status=403, text="CORS origin is not allowed")
|
|
|
|
is_options = request.method == "OPTIONS"
|
|
is_preflight = is_options and "Access-Control-Request-Method" in request.headers
|
|
if is_preflight:
|
|
resp = StreamResponse()
|
|
else:
|
|
resp = await handler(request)
|
|
|
|
resp.headers["Access-Control-Allow-Origin"] = origin
|
|
if expose_headers:
|
|
resp.headers["Access-Control-Expose-Headers"] = ", ".join(expose_headers)
|
|
if is_options:
|
|
resp.headers["Access-Control-Allow-Headers"] = ", ".join(allow_headers)
|
|
resp.headers["Access-Control-Allow-Methods"] = ", ".join(
|
|
("OPTIONS", "POST")
|
|
)
|
|
|
|
return resp
|
|
|
|
return impl
|