U Rh@sddlmZddlZddlZddlZddlmZmZddlm Z m Z ddl m Z m Z mZmZmZdZddd d hZGd d d ZdS) ) annotationsN)HeadersMutableHeaders)PlainTextResponseResponse)ASGIAppMessageReceiveScopeSend)ZDELETEGETZHEADOPTIONSZPATCHZPOSTZPUTZAcceptzAccept-LanguagezContent-Languagez Content-Typec @seZdZd)dddddd dd d d d dZdddd dddZdddddZdddddZddddd ddd Zd!ddd d"d#d$Ze d%dd d&d'd(Z dS)*CORSMiddlewarer FNXrztyping.Sequence[str]boolz str | NoneintNone) app allow_origins allow_methods allow_headersallow_credentialsallow_origin_regexexpose_headersmax_agereturnc Csd|kr t}d} |dk r"t|} d|k} d|k} | p:|} i} | rLd| d<|rXd| d<|rjd|| d<i}| r|d|d<nd|d<|d|t|d ttt|B}|r| sd||d <|rd|d<||_ ||_ ||_ d d |D|_ | |_ | |_| |_| |_| |_||_dS) N*Access-Control-Allow-Origintruez Access-Control-Allow-Credentials, zAccess-Control-Expose-HeadersOriginZVary)zAccess-Control-Allow-MethodszAccess-Control-Max-AgeAccess-Control-Allow-HeaderscSsg|] }|qSrlower.0hrr?./venv/lib/python3.8/site-packages/starlette/middleware/cors.py Csz+CORSMiddleware.__init__..) ALL_METHODSrecompilejoinupdatestrsortedSAFELISTED_HEADERSsetrrrrallow_all_originsallow_all_headerspreflight_explicit_allow_originrsimple_headerspreflight_headers)selfrrrrrrrrZcompiled_allow_origin_regexr4r5r6r7r8rrr)__init__sN    zCORSMiddleware.__init__r r r )scopereceivesendrcs|ddkr$||||IdHdS|d}t|d}|d}|dkr`||||IdHdS|dkrd|kr|j|d}||||IdHdS|j||||dIdHdS) NtypeZhttpmethodr;originr access-control-request-method)request_headers)rrgetpreflight_responsesimple_response)r9r;r<r=r?headersrAZresponserrr)__call__Ks    zCORSMiddleware.__call__r0)rArcCs.|jr dS|jdk r$|j|r$dS||jkS)NT)r4r fullmatchr)r9rArrr)is_allowed_origin_s z CORSMiddleware.is_allowed_originrr)rCrc Cs|d}|d}|d}t|j}g}|j|drD|jrN||d<n |d||jkrb|d|jrz|dk rz||d<n>|dk rdd |d DD] }| |j kr|d qq|rd d |}t |d|dSt dd|dS)NrArBzaccess-control-request-headersrArr?r#cSsg|] }|qSrr$r&rrr)r*sz5CORSMiddleware.preflight_response..,rGzDisallowed CORS r!i)Z status_coderGZOK) rDdictr8rJr6appendrr5splitstriprr.r) r9rCZrequested_originZrequested_methodZrequested_headersrGZfailuresheaderZ failure_textrrr)rEhs,         z!CORSMiddleware.preflight_response)r;r<r=rCrcs*tj|j||d}||||IdHdS)N)r=rC) functoolspartialr=r)r9r;r<r=rCrrr)rFszCORSMiddleware.simple_responser)messager=rCrcs|ddkr||IdHdS|dgt|d}||j|d}d|k}|jrh|rh|||n|js|j|dr|||||IdHdS)Nr>zhttp.response.startrGr@r"ZcookierK) setdefaultrr/r7r4allow_explicit_originrJ)r9rUr=rCrGrAZ has_cookierrr)r=s      zCORSMiddleware.sendr)rGrArcCs||d<|ddS)Nrr")Zadd_vary_header)rGrArrr)rWsz$CORSMiddleware.allow_explicit_origin)rrrFNrr) __name__ __module__ __qualname__r:rHrJrErFr= staticmethodrWrrrr)rs ; &r)Z __future__rrSr,typingZstarlette.datastructuresrrZstarlette.responsesrrZstarlette.typesrrr r r r+r2rrrrr)s