Mercurial > p > roundup > code

comparison roundup/cgi/client.py @ 7228:07ce4e4110f5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
flake8 fixes: whitespace, remove unused imports
author John Rouillard <rouilj@ieee.org>
date Sat, 18 Mar 2023 14:16:31 -0400
parents 765222ef4cec
children b6839d357971
comparison
equal deleted inserted replaced
7227:1e004afe87bb 7228:07ce4e4110f5
630 630
631 def handle_preflight(self): 631 def handle_preflight(self):
632 # Call rest library to handle the pre-flight request 632 # Call rest library to handle the pre-flight request
633 handler = rest.RestfulInstance(self, self.db) 633 handler = rest.RestfulInstance(self, self.db)
634 output = handler.dispatch(self.env['REQUEST_METHOD'], 634 output = handler.dispatch(self.env['REQUEST_METHOD'],
635 self.path, self.form) 635 self.path, self.form)
636 636
637 if self.response_code == 204: 637 if self.response_code == 204:
638 self.write("") 638 self.write("")
639 else: 639 else:
640 self.setHeader("Content-Length", str(len(output))) 640 self.setHeader("Content-Length", str(len(output)))
680 message_type="application/json", 680 message_type="application/json",
681 status=400) 681 status=400)
682 return 682 return
683 683
684 # Handle CORS preflight request. We know rest is enabled 684 # Handle CORS preflight request. We know rest is enabled
685 # because handle_rest is called. Preflight requests 685 # because handle_rest is called. Preflight requests
686 # are unauthenticated, so no need to check permissions. 686 # are unauthenticated, so no need to check permissions.
687 if ( self.is_cors_preflight() ): 687 if (self.is_cors_preflight()):
688 self.handle_preflight() 688 self.handle_preflight()
689 return 689 return
690 elif not self.db.security.hasPermission('Rest Access', self.userid): 690 elif not self.db.security.hasPermission('Rest Access', self.userid):
691 output = s2b('{ "error": { "status": 403, "msg": "Forbidden." } }') 691 output = s2b('{ "error": { "status": 403, "msg": "Forbidden." } }')
692 self.reject_request(output, 692 self.reject_request(output,
1316 # find a match for other possible origins 1316 # find a match for other possible origins
1317 # Original spec says origin is case sensitive match. 1317 # Original spec says origin is case sensitive match.
1318 # Living spec doesn't address Origin value's case or 1318 # Living spec doesn't address Origin value's case or
1319 # how to compare it. So implement case sensitive.... 1319 # how to compare it. So implement case sensitive....
1320 if origin in allowed_origins: 1320 if origin in allowed_origins:
1321 return True 1321 return True
1322 # Block use of * when origin match is used for 1322 # Block use of * when origin match is used for
1323 # allowing credentials. See: 1323 # allowing credentials. See:
1324 # https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS 1324 # https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
1325 # under Credentials Requests and Wildcards 1325 # under Credentials Requests and Wildcards
1326 if ( allowed_origins and allowed_origins[0] == '*' 1326 if (allowed_origins and allowed_origins[0] == '*'
1327 and not credentials): 1327 and not credentials):
1328 return True 1328 return True
1329 1329
1330 return False 1330 return False
1331 1331
1332 def is_referer_header_ok(self, api=False): 1332 def is_referer_header_ok(self, api=False):
Roundup Issue Tracker: http://roundup-tracker.org/