Metadata-Version: 2.1
Name: more.cors
Version: 0.3
Summary: CORS support for Morepath
Home-page: http://github.com/kagesenshi/more.cors
Author: Izhar Firdaus
Author-email: kagesenshi.87@gmail.com
License: BSD
Keywords: morepath CORS
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: Implementation :: PyPy
Requires-Dist: setuptools
Requires-Dist: morepath (>=0.19)
Provides-Extra: coverage
Requires-Dist: pytest-cov ; extra == 'coverage'
Provides-Extra: pep8
Requires-Dist: flake8 ; extra == 'pep8'
Requires-Dist: black ; extra == 'pep8'
Provides-Extra: test
Requires-Dist: pytest ; extra == 'test'
Requires-Dist: pytest-remove-stale-bytecode ; extra == 'test'
Requires-Dist: webtest ; extra == 'test'

more.cors: CORS support for Morepath
====================================

This package adds CORS support to Morepath.


Quick start
-----------

Install ``more.cors``:

.. code-block:: console

    $ pip install -U more.cors

Extend your App class from CORSApp:

.. code-block:: python

    from more.cors import CORSApp


    class App(CORSApp):
        pass

This will add basic CORS support to your Morepath app.


Settings
--------

more.cors provides settings in the 'cors' section. Here are the defaults:

.. code-block:: python

    @App.setting_section(section='cors')
    def cors_settings():
        return {
            'allowed_verbs': ['GET', 'PUT', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],
            'allowed_origin': '*',
            'expose_headers': ['Content-Type', 'Authorization'],
            'allowed_headers': ['Content-Type', 'Authorization'],
            'max_age': 60,
            'allow_credentials': False
        }

The following settings are available:

allowed_verbs
  A list of allowed HTTP request methods.

allowed_origin
  A URI that may access the resource.
  For requests **without credentials**, "*" can be used as a wildcard,
  allowing any origin to access the resource.

expose_headers
  A list of HTTP headers which can be exposed as part of the response.

allowed_headers
  A list of HTTP headers which can be used during the actual request.

max_age
  Maximum number of seconds the results of a preflight request can be cached.

allow_credentials
  Boolean which indicates whether or not the actual request can be made using
  credentials.
  Credentials are cookies, authorization headers or TLS client certificates.


Specify CORS settings for a single view
---------------------------------------

more.cors exposes the ``App.cors()`` class method.
This can be used to specify settings for a single view:

.. code-block:: python

    App.cors(
        model=Root,
        view_name='view2',
        allowed_headers=['Cache-Control'],
        expose_headers=['Cookie'],
        allowed_origin='http://foo.com',
        allow_credentials=True,
        max_age=10
    )

model
  Specifies the corresponding view model.

view_name
  Is needed when you use a named view.

allowed_headers, expose_headers, allowed_origin, allow_credentials, max_age
  The settings which can be specified. For details see Settings_.


CHANGES
=======

0.3 (2020-04-26)
----------------

- **Removed**: Removed support for Python 2.

  You have to upgrade to Python 3 if you want to use this version.

- Added support for Python 3.7 and 3.8 and PyPy 3.6.

- Make Python 3.7 the default testing environment.

- Add integration for the Black code formatter.


0.2 (2018-06-11)
----------------

- Fix list of allowed verbs for failed (unauthorized) preflight (see `PR #4`_).

.. _PR #4: https://github.com/morepath/more.cors/pull/4


0.1 (2018-06-08)
----------------

- Initial public release


