Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for a more granular CORSConfig object. #311

Merged
merged 5 commits into from
Apr 29, 2017
Merged

Add support for a more granular CORSConfig object. #311

merged 5 commits into from
Apr 29, 2017

Conversation

stealthycoin
Copy link
Contributor

@stealthycoin stealthycoin commented Apr 28, 2017
edited
Loading

Allows specification of specific access control headers. Docs still
need to be written.

Implements: #70 (comment)

@stealthycoin stealthycoin requested a review from jamesls April 28, 2017 00:03
@codecov-io
Copy link

codecov-io commented Apr 28, 2017
edited
Loading

Codecov Report

Merging #311 into master will increase coverage by 0.15%.
The diff coverage is 97.56%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #311      +/-   ##
==========================================
+ Coverage   88.77%   88.92%   +0.15%     
==========================================
  Files          18       18              
  Lines        1826     1860      +34     
  Branches      213      224      +11     
==========================================
+ Hits         1621     1654      +33     
  Misses        152      152              
- Partials       53       54       +1
Impacted Files Coverage Δ
chalice/__init__.py 100% <ø> (ø) ⬆️
chalice/local.py 94.05% <100%> (ø) ⬆️
chalice/deploy/swagger.py 100% <100%> (ø) ⬆️
chalice/app.py 95.35% <97.05%> (+0.18%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b4ad6c6...8661e1c. Read the comment docs.

jamesls
jamesls reviewed Apr 28, 2017
View reviewed changes
chalice/app.py Outdated
if allow_headers is None:
allow_headers = list(self._REQUIRED_HEADERS)
else:
allow_headers.extend(self._REQUIRED_HEADERS)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if a passed in allow_header contains one of the _REQUIRED_HEADERS? Seems like we should check for existing values or use a set().

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I'll fix that.

chalice/app.py Outdated
@@ -167,6 +215,10 @@ def __init__(self, view_function, view_name, path, methods,
#: e.g, '/foo/{bar}/{baz}/qux -> ['bar', 'baz']
self.view_args = self._parse_view_args()
self.content_types = content_types
if cors is True:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a comment about why the identity check is being used instead of just boolean comparison. This is probably gonna catch other dev's attention because it's not a common pattern so it's worth explaining why we need to do this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea I was considering pulling it out into a _configure_cors and put a comment in there. I'll just do the comment.

chalice/app.py Outdated
def _add_cors_headers(self, response):
response.headers['Access-Control-Allow-Origin'] = '*'
def _add_cors_headers(self, response, cors):
response.headers.update(cors.get_access_control_headers())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realize the old code didn't do this, but I wonder if we should be overriding headers if they provide these values themselves, i.e a custom Response value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm, that seems like the correct behavior to me. I wouldn't want my explicitly set headers getting clobbered by my framework.

@jamesls
Copy link
Member

jamesls commented Apr 28, 2017

Looks good, just a few things remaining:

  • Double check on the integration tests and if we need to update them for the more granular preflight request
  • Documentation for this feature.

jamesls
jamesls approved these changes Apr 28, 2017
View reviewed changes
Copy link
Member

@jamesls jamesls left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@stealthycoin stealthycoin force-pushed the cors-config branch 2 times, most recently from 0cb6245 to 0b94843 Compare April 28, 2017 23:56
jcarlyl added 5 commits April 28, 2017 17:05
Add support for a more granular CORSConfig object.
709e7a8 
Allows specification of specific access control headers. Docs still
need to be written.
Reread the cors spec and the apigateway documentation and updated.
040b2f1 
I misunderstood the spec slightly, this update corrects that
misunderstanding and increases code coverage.
Test cors more thoroughly.
a2e332c
CORS documentation.
2110cfa
changelog entry.
8661e1c
@stealthycoin stealthycoin merged commit 6164d5b into aws:master Apr 29, 2017
@stealthycoin stealthycoin deleted the cors-config branch April 29, 2017 05:53
This was referenced Apr 29, 2017
Closed
Closed
@jamesls jamesls mentioned this pull request May 1, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamesls jamesls jamesls approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stealthycoin @codecov-io @jamesls