diff options
author | Mark Haines <mark.haines@matrix.org> | 2016-11-02 11:29:25 +0000 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2016-11-02 11:29:25 +0000 |
commit | b1c27975d06ff23481a8b1ae0b384a9b5dedd04e (patch) | |
tree | 170d1f2d10048bd07ec371e67b323ec21e698634 /synapse/http/server.py | |
parent | Merge branch 'master' of github.com:matrix-org/synapse into develop (diff) | |
download | synapse-b1c27975d06ff23481a8b1ae0b384a9b5dedd04e.tar.xz |
Set CORs headers on responses from the media repo
Diffstat (limited to 'synapse/http/server.py')
-rw-r--r-- | synapse/http/server.py | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/synapse/http/server.py b/synapse/http/server.py index 168e53ce0c..14715878c5 100644 --- a/synapse/http/server.py +++ b/synapse/http/server.py @@ -392,17 +392,30 @@ def respond_with_json_bytes(request, code, json_bytes, send_cors=False, request.setHeader(b"Content-Length", b"%d" % (len(json_bytes),)) if send_cors: - request.setHeader("Access-Control-Allow-Origin", "*") - request.setHeader("Access-Control-Allow-Methods", - "GET, POST, PUT, DELETE, OPTIONS") - request.setHeader("Access-Control-Allow-Headers", - "Origin, X-Requested-With, Content-Type, Accept") + set_cors_headers(request) request.write(json_bytes) finish_request(request) return NOT_DONE_YET +def set_cors_headers(request): + """Set the CORs headers so that javascript running in a web browsers can + use this API + + Args: + request (twisted.web.http.Request): The http request to add CORs to. + """ + request.setHeader("Access-Control-Allow-Origin", "*") + request.setHeader( + "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS" + ) + request.setHeader( + "Access-Control-Allow-Headers", + "Origin, X-Requested-With, Content-Type, Accept" + ) + + def finish_request(request): """ Finish writing the response to the request. |