1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
diff -ru web2/http_headers.py web2-CardDavMATE/http_headers.py
--- web2/http_headers.py 2011-10-31 00:34:14.000000000 +0100
+++ web2-CardDavMATE/http_headers.py 2011-10-31 00:31:07.000000000 +0100
@@ -1531,7 +1531,14 @@
'Set-Cookie2':(tokenize, parseSetCookie2),
'Vary':(tokenize, filterTokens),
'WWW-Authenticate': (lambda h: tokenize(h, foldCase=False),
- parseWWWAuthenticate,)
+ parseWWWAuthenticate,),
+
+ # begin CardDavMATE section
+ 'Access-Control-Allow-Origin':(last,),
+ 'Access-Control-Allow-Methods':(last,),
+ 'Access-Control-Allow-Headers':(last,),
+ 'Access-Control-Allow-Credentials':(last,),
+ 'Access-Control-Expose-Headers':(last,)
+ # end CardDavMATE section
}
generator_response_headers = {
@@ -1545,7 +1552,14 @@
'Set-Cookie':(generateSetCookie,),
'Set-Cookie2':(generateSetCookie2,),
'Vary':(generateList, singleHeader),
- 'WWW-Authenticate':(generateWWWAuthenticate,)
+ 'WWW-Authenticate':(generateWWWAuthenticate,),
+
+ # begin CardDavMATE section
+ 'Access-Control-Allow-Origin':(str, singleHeader),
+ 'Access-Control-Allow-Methods':(str, singleHeader),
+ 'Access-Control-Allow-Headers':(str, singleHeader),
+ 'Access-Control-Allow-Credentials':(str, singleHeader),
+ 'Access-Control-Expose-Headers':(str, singleHeader)
+ # end CardDavMATE section
}
parser_entity_headers = {
diff -ru web2/server.py web2-CardDavMATE/server.py
--- web2/server.py 2011-10-31 00:34:21.000000000 +0100
+++ web2-CardDavMATE/server.py 2011-10-31 00:31:07.000000000 +0100
@@ -58,6 +58,18 @@
response.headers.setHeader('server', VERSION)
if not response.headers.hasHeader('date'):
response.headers.setHeader('date', time.time())
+
+ # begin CardDavMATE section
+ if not response.headers.hasHeader('Access-Control-Allow-Origin'):
+ response.headers.setHeader('Access-Control-Allow-Origin', '*')
+ if not response.headers.hasHeader('Access-Control-Allow-Methods'):
+ response.headers.setHeader('Access-Control-Allow-Methods','GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK')
+ if not response.headers.hasHeader('Access-Control-Allow-Headers'):
+ response.headers.setHeader('Access-Control-Allow-Headers','User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With')
+ if not response.headers.hasHeader('Access-Control-Allow-Credentials'):
+ response.headers.setHeader('Access-Control-Allow-Credentials','true')
+ if not response.headers.hasHeader('Access-Control-Expose-Headers'):
+ response.headers.setHeader('Access-Control-Expose-Headers','Etag,Preference-Applied')
+ # end CardDavMATE section
+
return response
defaultHeadersFilter.handleErrors = True
@@ -354,7 +366,7 @@
example. This would also be the place to do any CONNECT
processing."""
- if self.method == "OPTIONS" and self.uri == "*":
+ if self.method == "OPTIONS":
response = http.Response(responsecode.OK)
response.headers.setHeader('allow', ('GET', 'HEAD', 'OPTIONS', 'TRACE'))
return response