API Documentation

Tornado RequestHandler mix-in for implementing a CORS enabled endpoint.

The CORS specification describes a method of securing javascript access to web resources across access domains. This module implements a mix-in to be used with tornado.web.RequestHandler that provides much of the functionality required by CORS.

class sprockets.mixins.cors.CORSMixin

Mix this in over a tornado.web.RequestHandler for CORS support.

cors

A CORSSettings instance that controls the behavior of the mix-in.

options()

Respond to an OPTIONS request.

This method relies on self.SUPPORTED_METHODS for the content of the Allow response header. The CORS specific headers are generated based on the cors attribute.

class sprockets.mixins.cors.CORSSettings

Configures the CORS behavior.

allowed_methods

The set of CORS accepted HTTP methods. This controls the Access-Control-Allow-Methods response header.

allowed_origins

The set of origins that are allowed for the endpoint. This controls the Access-Control-Allow-Origin response header. If the requested origin is in this set, then the origin is allowed; otherwise, a 403 Forbidden is returned.

credentials_supported

Should the mix-in generate the Access-Control-Allow-Credentials header in the response.

request_headers

A set of header names that are acceptable in cross-origin requests. Headers added to this set MUST be lower-cased before adding them to the set.