You can do that easily in web2py...

Below is a sample of a decorator that allows any origin.
Change it to fit your needs.

You can use it in a controller like:

@cors_allow
def action():
   .
   .
   .
   return dict(...)

------------------

def cors_origin():
    # Echo the request's Origin header back, so any origin is allowed
    origin = request.env.http_origin
    headers = {}
    headers['Access-Control-Allow-Origin'] = origin

    headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS, POST, HEAD, PUT'
    headers['Access-Control-Allow-Headers'] = (
        'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,'
        'If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept')
    headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers.update(headers)

    # Answer the preflight request directly, without running the action
    if request.env.request_method == 'OPTIONS':
        headers['Content-Type'] = None
        raise HTTP(200, '', **headers)


def cors_allow(action):

    def f(*args, **kwargs):
        cors_origin()
        return action(*args, **kwargs)

    f.__doc__ = action.__doc__
    f.__name__ = action.__name__
    f.__dict__.update(action.__dict__)

    return f


2016-10-26 20:19 GMT+02:00 Spokes <spokes8...@gmail.com>:

> This isn't necessarily a web2py-specific question, but perhaps there's a
> web2py-specific solution that's preferable to other solutions, so I thought
> I'd ask it here.
>
> I have some HTML code and javascript, which I'd like to be able to paste
> into any website, and which should access an API endpoint on a web2py
> server. The web2py application is running on an nginx server.
>
> The javascript portion of the client code snippet is as follows:
>
> <script>
>     $(document).on("click", "button", function(e){
>                         ...
>                         var xhr = new XMLHttpRequest();
>                         xhr.open("POST", "https://myurl.com/api/action/");
>
>                         xhr.setRequestHeader("Content-Type",
> "application/json");
>                         var jsonStr = JSON.stringify({
>                            Header:{Procedure:"..."},
>                            Body: { ... }
>                         });
>                         xhr.send(jsonStr);
>                     });
> </script>
>
> When the button that triggers the above action is clicked, the following
> error is generated (in Chrome):
>
> XMLHttpRequest cannot load https://myurl.com/api/action. Response to
> preflight request doesn't pass access control check: No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://127.0.0.1:8000' is therefore not allowed access.
>
> As I understand it, this issue can be resolved by enabling CORS in the
> nginx settings <http://enable-cors.org/server_nginx.html>. However, I'd
> like to limit the modification to that one API function, which corresponds
> to the application/controller/function combo,
> "[MyApplication]/api/action". I'd appreciate recommendations on how to do
> this within the context of web2py running on nginx. Alternatively, is there
> a modification to the client javascript code (I'd like to keep the code
> small, so any modification would have to not exceed a couple of lines) that
> would remedy the problem? Thanks.
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
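
An added example, not part of the original post or of web2py: a variant of the header logic in cors_origin() that echoes the Origin only on an exact allowlist match and sends Access-Control-Allow-Credentials only when asked. The allowlist entries and the names normalize_origin and cors_headers are assumptions; in cors_origin() the returned dict would be passed to response.headers.update().

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: the sites that embed the snippet.
ALLOWED_ORIGINS = frozenset({"https://partner.example", "http://127.0.0.1:8000"})
ALLOWED_METHODS = "POST, OPTIONS"
ALLOWED_HEADERS = "Content-Type"  # the only non-simple header the client sets


def normalize_origin(origin):
    """Return scheme://host[:port] in lower case, or None if not a plain web origin."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
    except ValueError:  # malformed value such as an unclosed IPv6 bracket
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # An Origin header never carries a path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return "%s://%s" % (parts.scheme, parts.netloc.lower())


def cors_headers(origin, allowed=ALLOWED_ORIGINS, credentials=False):
    """Build the CORS headers for one response.

    Vary: Origin is always set so shared caches keep per-origin copies.
    Access-Control-* headers appear only on an exact allowlist match, so a
    look-alike such as https://partner.example.evil.test gets none.
    """
    headers = {"Vary": "Origin"}
    normalized = normalize_origin(origin)
    if normalized is None or normalized not in allowed:
        return headers
    headers["Access-Control-Allow-Origin"] = normalized
    headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS
    headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS
    if credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers
```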
