How to use is_cors_origin_allowed method in localstack

Best Python code snippet using localstack_python

generic_proxy.py

Source:generic_proxy.py

...197    for allowed_origin in allowed_origins:198        if allowed_origin == "*" or origin == allowed_origin:199            return True200    return False201def is_cors_origin_allowed(headers, allowed_origins=None):202    """Returns true if origin is allowed to perform cors requests, false otherwise"""203    allowed_origins = ALLOWED_CORS_ORIGINS if allowed_origins is None else allowed_origins204    origin = headers.get("origin")205    referer = headers.get("referer")206    if origin:207        return _is_in_allowed_origins(allowed_origins, origin)208    elif referer:209        referer_uri = "{uri.scheme}://{uri.netloc}".format(uri=urlparse(referer))210        return _is_in_allowed_origins(allowed_origins, referer_uri)211    # If both headers are not set, let it through (awscli etc. do not send these headers)212    return True213def should_enforce_self_managed_service(method, path, headers, data):214    if config.DISABLE_CUSTOM_CORS_S3 and config.DISABLE_CUSTOM_CORS_APIGATEWAY:215        return True216    # allow only certain api calls without checking origin217    import localstack.services.edge218    api, _ = localstack.services.edge.get_api_from_custom_rules(method, path, data, headers) or (219        "",220        None,221    )222    if not config.DISABLE_CUSTOM_CORS_S3 and api == "s3":223        return False224    if not config.DISABLE_CUSTOM_CORS_APIGATEWAY and api == "apigateway":225        return False226    return True227def modify_and_forward(228    method=None,229    path=None,230    data_bytes=None,231    headers=None,232    forward_base_url=None,233    listeners=None,234    request_handler=None,235    client_address=None,236    server_address=None,237):238    """This is the central function that coordinates the incoming/outgoing messages239    with the proxy listeners (message interceptors)."""240    # Check origin / referer header before anything else happens.241    if (242        not config.DISABLE_CORS_CHECKS243        and should_enforce_self_managed_service(method, path, headers, data_bytes)244        and not is_cors_origin_allowed(headers)245    ):246        LOG.info(247            "Blocked CORS request from forbidden origin %s",248            headers.get("origin") or headers.get("referer"),249        )250        return cors_error_response()251    listeners = ProxyListener.DEFAULT_LISTENERS + (listeners or [])252    listeners = [lis for lis in listeners if lis]253    data = data_bytes254    def is_full_url(url):255        return re.match(r"[a-zA-Z]+://.+", url)256    if is_full_url(path):257        path = path.split("://", 1)[1]258        path = "/%s" % (path.split("/", 1)[1] if "/" in path else "")...

cors.py

Source:cors.py

...87    def __call__(self, chain: HandlerChain, context: RequestContext, response: Response) -> None:88        if (89            not config.DISABLE_CORS_CHECKS90            and self.should_enforce_self_managed_service(context)91            and not self.is_cors_origin_allowed(context.request.headers)92        ):93            LOG.info(94                "Blocked CORS request from forbidden origin %s",95                context.request.headers.get("origin") or context.request.headers.get("referer"),96            )97            response.status_code = 40398            chain.terminate()99    @staticmethod100    def should_enforce_self_managed_service(context: RequestContext) -> bool:101        """102        Some services are handling their CORS checks on their own (depending on config vars).103        :param context: context of the request for which to check if the CORS checks should be executed in here or in104                        the targeting service105        :return: True if the CORS rules should be enforced in here.106        """107        if config.DISABLE_CUSTOM_CORS_S3 and config.DISABLE_CUSTOM_CORS_APIGATEWAY:108            return True109        # allow only certain api calls without checking origin110        if context.service:111            service_name = context.service.service_name112            if not config.DISABLE_CUSTOM_CORS_S3 and service_name == "s3":113                return False114            if not config.DISABLE_CUSTOM_CORS_APIGATEWAY and service_name == "apigateway":115                return False116        return True117    @staticmethod118    def is_cors_origin_allowed(headers: Headers) -> bool:119        """Returns true if origin is allowed to perform cors requests, false otherwise."""120        origin = headers.get("origin")121        referer = headers.get("referer")122        if origin:123            return CorsEnforcer._is_in_allowed_origins(ALLOWED_CORS_ORIGINS, origin)124        elif referer:125            referer_uri = "{uri.scheme}://{uri.netloc}".format(uri=urlparse(referer))126            return CorsEnforcer._is_in_allowed_origins(ALLOWED_CORS_ORIGINS, referer_uri)127        # If both headers are not set, let it through (awscli etc. do not send these headers)128        return True129    @staticmethod130    def _is_in_allowed_origins(allowed_origins: List[str], origin: str) -> bool:131        """Returns true if the `origin` is in the `allowed_origins`."""132        for allowed_origin in allowed_origins:...

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.