0001-improve-AJAX-JSONP-support-in-decorators.json.patch

Benjamin Dauvergne, 10 novembre 2015 10:27



Subject: [PATCH] improve AJAX/JSONP support in decorators.json

 src/authentic2/decorators.py | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)
src/authentic2/decorators.py
258 258
    from . import cors
259 259
    @wraps(func)
260 260
    def f(request, *args, **kwargs):
261
        jsonp = False
262
        # Differentiate JSONP from AJAX
263
        if request.method == 'GET':
264
            for variable in ('jsonpCallback', 'callback'):
265
                if variable in request.GET:
266
                    identifier = request.GET[variable]
267
                    if not re.match(r'^[$a-zA-Z_][0-9a-zA-Z_$]*$', identifier):
268
                        return HttpResponseBadRequest('invalid JSONP callback name')
269
                    jsonp = True
270
                    break
261 271
        # 1. check origin
262
        origin = request.META.get('HTTP_ORIGIN')
263
        if origin is None:
272
        if jsonp:
264 273
            origin = request.META.get('HTTP_REFERER')
274
            if not origin:
275
                # JSONP is unusable for people without referers
276
                return HttpResponseForbidden('bad origin')
277
            origin = cors.make_origin(origin)
278
            if not cors.check_origin(request, origin):
279
                return HttpResponseForbidden('bad origin')
280
        else:
281
            origin = request.META.get('HTTP_ORIGIN')
265 282
            if origin:
266
                origin = cors.make_origin(origin)
267
        if not cors.check_origin(request, origin):
268
            return HttpResponseForbidden('bad origin')
283
                if not cors.check_origin(request, origin):
284
                    return HttpResponseForbidden('bad origin')
269 285
        # 2. build response
270 286
        result = func(request, *args, **kwargs)
271 287
        json_str = json_dumps(result)
272
        response = HttpResponse(content_type='application/json')
273
        for variable in ('jsonpCallback', 'callback'):
274
            if variable in request.GET:
275
                identifier = request.GET[variable]
276
                if not re.match(r'^[$a-zA-Z_][0-9a-zA-Z_$]*$', identifier):
277
                    return HttpResponseBadRequest('invalid JSONP callback name')
278
                json_str = '%s(%s);' % (identifier, json_str)
279
                break
288
        if jsonp:
289
            response = HttpResponse(content_type='application/javascript')
290
            json_str = '%s(%s);' % (identifier, json_str)
280 291
        else:
292
            response = HttpResponse(content_type='application/json')
281 293
            response['Access-Control-Allow-Origin'] = origin
282 294
            response['Access-Control-Allow-Credentials'] = 'true'
283 295
            response['Access-Control-Allow-Headers'] = 'x-requested-with'
284
-
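Review bot: The JSONP branch at new lines 288-290 places an attacker-chosen alphanumeric `callback` value at byte 0 of an `application/javascript` body served with credentials, which is exactly the precondition for Rosetta-Flash-style content-sniffing abuse; the identifier regex only restricts the alphabet and does not prevent it. The customary hardening is to prefix the body and forbid sniffing: `response = HttpResponse(content_type='application/javascript')`, `response['X-Content-Type-Options'] = 'nosniff'`, `json_str = '/**/%s(%s);' % (identifier, json_str)`. In the non-JSONP branch `origin` is still `None` when no Origin header arrived, yet new line 293 still writes it into `Access-Control-Allow-Origin` (Django will stringify it), so the three CORS header assignments belong under an `if origin:` guard. Minor: `re.match(r'^...$', identifier)` accepts a trailing newline in the callback name, which `\Z` instead of `$` would close. The enclosing decorator begins before the hunk and `f`'s return statement lies after it, so the final response shape is not visible here.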