Commit 2be80aa2 authored by iv's avatar iv

Add cross-origin for webdav even when not authorized (otherwise remote app...

Add cross-origin for webdav even when not authorized (otherwise remote app cannot get info to go to authorization page)
+ support OPTIONS for preflighted requests (see doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests ).
parent 1b60cfa0
...@@ -12,6 +12,9 @@ app.config.from_object(__name__) ...@@ -12,6 +12,9 @@ app.config.from_object(__name__)
FS_PATH = '/tmp/couscous' FS_PATH = '/tmp/couscous'
ALLOWED_METHODS = ['GET', 'PUT', 'PROPFIND', 'PROPPATCH', 'MKCOL', 'DELETE',
'COPY', 'MOVE', 'OPTIONS']
def debug(content): def debug(content):
if app.debug: print(content) if app.debug: print(content)
...@@ -78,11 +81,24 @@ def before_request(): ...@@ -78,11 +81,24 @@ def before_request():
'Authorization, Depth, If-Modified-Since, If-None-Match' 'Authorization, Depth, If-Modified-Since, If-None-Match'
headers['Access-Control-Expose-Headers'] = \ headers['Access-Control-Expose-Headers'] = \
'Content-Type, Last-Modified, WWW-Authenticate' 'Content-Type, Last-Modified, WWW-Authenticate'
headers['Access-Control-Allow-Origin'] = request.headers.get('Origin')
specific_header = request.headers.get('Access-Control-Request-Headers')
if is_authorized(request.cookies): if is_authorized(request.cookies):
headers['Access-Control-Allow-Origin'] = request.headers.get('Origin')
response = make_response(content, 200) response = make_response(content, 200)
response.headers = headers response.headers = headers
elif request.method == 'OPTIONS' and specific_header:
# tells the world we do CORS when authorized
debug('OPTIONS request special header: ' + specific_header)
headers['Access-Control-Request-Headers'] = specific_header
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = ', '.join(ALLOWED_METHODS)
response = make_response(content, 200)
response.headers = headers
return response
else: else:
headers['WWW-Authenticate'] = 'Nayookie login_url=' + \ headers['WWW-Authenticate'] = 'Nayookie login_url=' + \
urlparse.urljoin(request.url_root, urlparse.urljoin(request.url_root,
...@@ -95,8 +111,7 @@ def before_request(): ...@@ -95,8 +111,7 @@ def before_request():
g.response = response g.response = response
class WebDAV(MethodView): class WebDAV(MethodView):
methods = ['GET', 'PUT', 'PROPFIND', 'PROPPATCH', 'MKCOL', 'DELETE', 'COPY', methods = ALLOWED_METHODS
'MOVE']
def __init__(self): def __init__(self):
self.baseuri = URI_BEGINNING_PATH['webdav'] self.baseuri = URI_BEGINNING_PATH['webdav']
...@@ -268,6 +283,15 @@ class WebDAV(MethodView): ...@@ -268,6 +283,15 @@ class WebDAV(MethodView):
response.status = '424' response.status = '424'
return response return response
def options(self, pathname):
"""
OPTIONS:
used to process pre-flight request
"""
return g.response
app.add_url_rule(URI_BEGINNING_PATH['webdav'] + '<path:pathname>', app.add_url_rule(URI_BEGINNING_PATH['webdav'] + '<path:pathname>',
view_func=WebDAV.as_view('dav')) view_func=WebDAV.as_view('dav'))
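Review bot: In the `before_request` hunk, `headers['Access-Control-Allow-Origin'] = request.headers.get('Origin')` now runs for every request, so any origin is echoed back while authorization is decided from `request.cookies`; if `Access-Control-Allow-Credentials` is sent elsewhere in this function (not visible here), any site the user visits could read authenticated WebDAV responses. I would compare the origin with a configured allow-list before echoing it, e.g. `if origin in app.config['ALLOWED_ORIGINS']: headers['Access-Control-Allow-Origin'] = origin` (`ALLOWED_ORIGINS` is a placeholder setting, not in this file), and add `headers['Vary'] = 'Origin'`; this also avoids assigning `None` when the request carries no `Origin`. In the new `OPTIONS` branch, `Access-Control-Request-Headers` is a request header that browsers ignore on a response, so the value belongs in `headers['Access-Control-Allow-Headers']`. The branch also requires `specific_header`, so a preflight that sends only `Access-Control-Request-Method` appears to fall through to the `WWW-Authenticate` branch. `before_request` starts and ends outside the hunk.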
......