isso/isso/wsgi.py

# -*- encoding: utf-8 -*-

class SubURI(object):

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):

        script_name = environ.get('HTTP_X_SCRIPT_NAME')
        if script_name:
            environ['SCRIPT_NAME'] = script_name
            path_info = environ['PATH_INFO']
            if path_info.startswith(script_name):
                environ['PATH_INFO'] = path_info[len(script_name):]

        return self.app(environ, start_response)


class CORSMiddleWare(object):

    def __init__(self, app, hosts):
        self.app = app
        self.hosts = hosts

    def __call__(self, environ, start_response):

        def add_cors_headers(status, headers, exc_info=None):

            for host in self.hosts:
                if environ.get("HTTP_ORIGIN", None) == host.rstrip("/"):
                    origin = host.rstrip("/")
                    break
            else:
                origin = host.rstrip("/")

            headers.append(("Access-Control-Allow-Origin", origin))
            headers.append(("Access-Control-Allow-Headers", "Origin, Content-Type"))
            headers.append(("Access-Control-Allow-Credentials", "true"))
            headers.append(("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"))
            headers.append(("Access-Control-Expose-Headers", "X-Set-Cookie"))
            return start_response(status, headers, exc_info)

        if environ.get("REQUEST_METHOD") == "OPTIONS":
            add_cors_headers("200 Ok", [("Content-Type", "text/plain")])
            return ['200 Ok']

        return self.app(environ, add_cors_headers)
re-license to MIT 11 years ago			`# -- encoding: utf-8 --`
add CORS support Isso can now run on a separate domain such as comments.example.org and still serve for blog.example.org using CORS. 11 years ago
			`class SubURI(object):`

			`def __init__(self, app):`
			`self.app = app`

			`def __call__(self, environ, start_response):`

			`script_name = environ.get('HTTP_X_SCRIPT_NAME')`
			`if script_name:`
			`environ['SCRIPT_NAME'] = script_name`
			`path_info = environ['PATH_INFO']`
			`if path_info.startswith(script_name):`
			`environ['PATH_INFO'] = path_info[len(script_name):]`

			`return self.app(environ, start_response)`
add CORS middleware to add CORS header to all requests 11 years ago

			`class CORSMiddleWare(object):`

			`def __init__(self, app, hosts):`
			`self.app = app`
			`self.hosts = hosts`

			`def __call__(self, environ, start_response):`

			`def add_cors_headers(status, headers, exc_info=None):`

			`for host in self.hosts:`
			`if environ.get("HTTP_ORIGIN", None) == host.rstrip("/"):`
			`origin = host.rstrip("/")`
			`break`
			`else:`
			`origin = host.rstrip("/")`

add unittest for CORS headers 11 years ago			`headers.append(("Access-Control-Allow-Origin", origin))`
add CORS middleware to add CORS header to all requests 11 years ago			`headers.append(("Access-Control-Allow-Headers", "Origin, Content-Type"))`
			`headers.append(("Access-Control-Allow-Credentials", "true"))`
			`headers.append(("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"))`
handle cross-origin cookies with a custom header X-Set-Cookie, fix #24 Cookies set from a different domain can not be read by JS executed in the current domain. As a workaround, Isso sends both a Set-Cookie and X-Set-Cookie header. The former is used by the browser to make the HTTP request to the API, the latter is read by `embed.min.js` to determine if a comment can be edited or deleted. When a comment is deleted, the server sends an expired cookies in Set-Cookie and X-Set-Cookie. 11 years ago			`headers.append(("Access-Control-Expose-Headers", "X-Set-Cookie"))`
add CORS middleware to add CORS header to all requests 11 years ago			`return start_response(status, headers, exc_info)`

			`if environ.get("REQUEST_METHOD") == "OPTIONS":`
			`add_cors_headers("200 Ok", [("Content-Type", "text/plain")])`
			`return ['200 Ok']`

			`return self.app(environ, add_cors_headers)`