pingu_98/MrDraw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

API: Clarify Access-Control-Request-Header handling

Browse source 
'headers' was a way too generic name, and the code structure implied
it was used in place of 'resp.headers' or 'request.headers', which is not the case.
Also add comment about the purpose of this code.
This commit is contained in:
Jon Nordby 2014-06-07 14:36:26 +02:00
parent 33005ea243
commit 014ea3eadc
1 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/octoprint/server/api/__init__.py
View file

@ -37,10 +37,6 @@ def optionsAllowOrigin(request):
resp = current_app.make_default_options_response()
headers = None
if 'ACCESS_CONTROL_REQUEST_HEADERS' in request.headers:
headers = request.headers['ACCESS_CONTROL_REQUEST_HEADERS']
# Allow the origin which made the XHR
resp.headers['Access-Control-Allow-Origin'] = request.headers['Origin']
# Allow the actual method
@ -48,9 +44,11 @@ def optionsAllowOrigin(request):
# Allow for 10 seconds
resp.headers['Access-Control-Max-Age'] = "10"
# We also keep current headers
if headers is not None:
resp.headers['Access-Control-Allow-Headers'] = headers
# 'preflight' request contains the non-standard headers the real request will have (like X-Api-Key)
customRequestHeaders = request.headers.get('ACCESS_CONTROL_REQUEST_HEADERS', None)
if customRequestHeaders is not None:
# If present => allow them all
resp.headers['Access-Control-Allow-Headers'] = customRequestHeaders
return resp