Every line of 'django corsheaders' code snippets is scanned for vulnerabilities by our powerful machine learning engine that combs millions of open source libraries, ensuring your Python code is secure.
715 def _setCommonCORSHeaders(): 716 """ 717 Set CORS headers that should be passed back with either a preflight OPTIONS 718 or a simple CORS request. We set these headers anytime there is an Origin 719 header present since browsers will simply ignore them if the request is not 720 cross-origin. 721 """ 722 origin = cherrypy.request.headers.get('origin') 723 if not origin: 724 # If there is no origin header, this is not a cross origin request 725 return 726 727 allowed = Setting().get(SettingKey.CORS_ALLOW_ORIGIN) 728 729 if allowed: 730 setResponseHeader('Access-Control-Allow-Credentials', 'true') 731 setResponseHeader( 732 'Access-Control-Expose-Headers', Setting().get(SettingKey.CORS_EXPOSE_HEADERS)) 733 734 allowedList = {o.strip() for o in allowed.split(',')} 735 736 if origin in allowedList: 737 setResponseHeader('Access-Control-Allow-Origin', origin) 738 elif '*' in allowedList: 739 setResponseHeader('Access-Control-Allow-Origin', '*')