mirrors/posthog
0
0
Fork 0
mirror of https://github.com/PostHog/posthog.git synced 2024-11-24 00:47:50 +01:00
Code Issues Releases Activity
6354e8718f
posthog/posthog/utils_cors.py
Paul D'Ambra 5a275d27fe
fix: even more zipkin (#26125)
2024-11-11 19:03:51 +00:00

43 lines
1.4 KiB
Python
Raw Blame History

from urllib.parse import urlparse
CORS_ALLOWED_TRACING_HEADERS = (
"traceparent",
"request-id",
"request-context",
"x-amzn-trace-id",
"x-cloud-trace-context",
"Sentry-Trace",
"Baggage",
"x-highlight-request",
"x-datadome-clientid",
"x-posthog-token",
"x-b3-sampled",
"x-b3-spanid",
"x-b3-traceid",
"x-b3-parentspanid",
"b3",
)
def cors_response(request, response):
if not request.META.get("HTTP_ORIGIN"):
return response
url = urlparse(request.META["HTTP_ORIGIN"])
if url.netloc == "":
response["Access-Control-Allow-Origin"] = "*"
else:
response["Access-Control-Allow-Origin"] = f"{url.scheme}://{url.netloc}"
response["Access-Control-Allow-Credentials"] = "true"
response["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"
# Handle headers that sentry randomly sends for every request.
# Would cause a CORS failure otherwise.
# specified here to override the default added by the cors headers package in web.py
allow_headers = request.META.get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS", "").split(",")
allow_headers = [header for header in allow_headers if header in CORS_ALLOWED_TRACING_HEADERS]
response["Access-Control-Allow-Headers"] = "X-Requested-With,Content-Type" + (
"," + ",".join(allow_headers) if len(allow_headers) > 0 else ""
)
return response
View Git Blame Copy Permalink