simonw / asgi-cors Goto Github PK

Hello,

I've tried to use this library with django channels and daphne. Unfortunately, I was not able to get it working. Could you add some documentation?

Best wishes

Had a weird bug where because this middleware wrapped something that already set access-control-allow-origin: * the resulting page had the HTTP header twice, which caused Firefox to not allow CORS at all.

This header allows the client to remember the CORS result so it doesn't have to perform a pre-flight OPTIONS request before every POST etc.

access-control-max-age: 7200

I was unable to setup CORS in asgi application . I saw all the instructions but unable to understand where to place them . It didn't work in the base.py .

httpx is a very nice way to test ASGI apps.

If callback= could be provided an awaitable, users could construct functions that e.g. make an async call to a database as part of deciding if a host should be allowed.

I tried implementing this with a asyncio.isawaitable() test against the callable but for some reason it didn't detect my await function as being awaitable. Here's the unit test I added which I failed to get passing:

@pytest.mark.asyncio
async def test_callback_async():
    was_called = False

    async def callback_true(origin):
        return True

    async def callback_false(origin):
        return False

    assert EXAMPLE_HOST == await get_cors_header(asgi_cors(hello_world_app, callback=callback_true), EXAMPLE_HOST)
    assert None == await get_cors_header(asgi_cors(hello_world_app, callback=callback_false), EXAMPLE_HOST)

Hello! I was working with strawberry-graphql[channels], a graphql server based on django channels.
In the meantime, I needed a cors library that supports asgi, so I used asgi_cors.
If the client requests a query to the server to get a response,
Is there any way other than directly modifying asgi_cors.py?

# asgi_cors.py
...
if access_control_allow_origin is not None:
    status = 200 if scope["method"] == "OPTIONS" else event["status"]  ####################
    event = {
        "type": "http.response.start",
        "status": status,
        "headers": [ p for p in original_headers if p[0] != b"access-control-allow-origin"]
        + [
            [ b"access-control-allow-origin", access_control_allow_origin],
            [ b"access-control-allow-headers", b"Content-Type"]  ####################
        ],
    }
await send(event)

added lines

• add for preflight method OPTIONS, if i don't add then event["status"] is 405
• add access-control-allow-headers, if i don't add then get error because in request, gql is sent

I met each and every problem about cors in my situation and managed to solve it.
But I'm not sure if this is the right solution and I'm asking to see if there is a better way.
Actually, I don't know if I can post this on Issues.
If it's a problem, I'll delete it.
Thanks for reading the long article.

This looks good to me. I'll merge it and add tests.

Originally posted by @simonw in #7 (comment)