adjust headers for CORS

- add `authorization` to default Access-Control-Allow-Headers
- allow overriding `Access-Control-Allow-Headers` just like everything else in case default is inappropriate
- ensure case-insensitive comparison for proper header checks
Min RK
2017-11-16 11:46:40 +01:00
parent 963cd88440
commit f6f7081483
2 changed files with 10 additions and 8 deletions


@@ -12,7 +12,7 @@ from urllib.parse import urlparse, urlunparse, parse_qs, urlencode
from jinja2 import TemplateNotFound
from tornado.log import app_log
from tornado.httputil import url_concat
from tornado.httputil import url_concat, HTTPHeaders
from tornado.ioloop import IOLoop
from tornado.web import RequestHandler
from tornado import gen, web
@@ -131,12 +131,15 @@ class BaseHandler(RequestHandler):
By default sets Content-Security-Policy of frame-ancestors 'self'.
"""
headers = self.settings.get('headers', {})
# wrap in HTTPHeaders for case-insensitivity
headers = HTTPHeaders(self.settings.get('headers', {}))
headers.setdefault("X-JupyterHub-Version", __version__)
for header_name, header_content in headers.items():
self.set_header(header_name, header_content)
if 'Access-Control-Allow-Headers' not in headers:
self.set_header('Access-Control-Allow-Headers', 'accept, content-type, authorization')
if 'Content-Security-Policy' not in headers:
self.set_header('Content-Security-Policy', self.content_security_policy)
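Review bot: The docstring above still names only the Content-Security-Policy default, so the new `Access-Control-Allow-Headers` fallback in the `if 'Access-Control-Allow-Headers' not in headers:` branch is undocumented, along with the fact that it now includes `authorization`. That header takes effect only when an operator also configures `Access-Control-Allow-Origin`, and from then on every allowed origin may send token-authenticated requests by default. I would add a docstring line such as `Also sets Access-Control-Allow-Headers to 'accept, content-type, authorization' unless overridden in settings['headers'].` I would also put a comment over the branch, `# only effective together with a configured Access-Control-Allow-Origin; override here to drop 'authorization'`. The method's `def` line and the start of its docstring lie outside the visible hunk, so the exact placement needs checking against the full file.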