API Documentation¶
Tornado RequestHandler mix-in for implementing a CORS enabled endpoint.
The CORS specification describes a method of securing javascript access
to web resources across access domains. This module implements a mix-in
to be used with tornado.web.RequestHandler
that provides much
of the functionality required by CORS.
-
class
sprockets.mixins.cors.
CORSMixin
¶ Mix this in over a
tornado.web.RequestHandler
for CORS support.-
cors
¶ A
CORSSettings
instance that controls the behavior of the mix-in.
-
-
class
sprockets.mixins.cors.
CORSSettings
¶ Configures the CORS behavior.
-
allowed_methods
¶ The
set
of CORS accepted HTTP methods. This controls the Access-Control-Allow-Methods response header.
-
allowed_origins
¶ The
set
of origins that are allowed for the endpoint. This controls the Access-Control-Allow-Origin response header. If the requested origin is in this set, then the origin is allowed; otherwise, a 403 Forbidden is returned.
-
credentials_supported
¶ Should the mix-in generate the Access-Control-Allow-Credentials header in the response.
-