oedb-backend/oedb/middleware/headers.py

"""
Middleware components for the OpenEventDatabase.
"""

import falcon
from oedb.utils.logging import logger

class HeaderMiddleware:
    """
    Middleware that adds standard headers to all responses.
    """
    
    def process_request(self, req, resp, resource, params):
        """
        Handle preflight OPTIONS requests for CORS.
        
        Args:
            req: The request object.
            resp: The response object.
            resource: The resource object.
            params: The request parameters.
        """
        if req.method == 'OPTIONS':
            logger.debug("Handling CORS preflight request")
            resp.status = falcon.HTTP_200
            return True  # Skip further processing
    
    def process_response(self, req, resp, resource, params):
        """
        Add standard headers to the response.
        
        Args:
            req: The request object.
            resp: The response object.
            resource: The resource object.
            params: The request parameters.
        """
        logger.debug("Adding standard headers to response")
        resp.set_header('X-Powered-By', 'OpenEventDatabase')
        
        # CORS headers - Configuration optimisée pour embed.js
        resp.set_header('Access-Control-Allow-Origin', '*')
        resp.set_header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Accept, Origin, User-Agent, Referer')
        resp.set_header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, HEAD')
        resp.set_header('Access-Control-Allow-Credentials', 'false')
        resp.set_header('Access-Control-Max-Age', '86400')  # 24 hours
        resp.set_header('Access-Control-Expose-Headers', 'Content-Length, Content-Type, Date, Server, X-Powered-By')
        
        # Headers supplémentaires pour embed.js
        resp.set_header('Vary', 'Origin')
        resp.set_header('Cache-Control', 'public, max-age=300')  # Cache de 5 minutes pour les requêtes embed
up stuff 2025-09-15 23:25:11 +02:00			`"""`
			`Middleware components for the OpenEventDatabase.`
			`"""`

style agenda 2025-10-13 10:49:13 +02:00			`import falcon`
up stuff 2025-09-15 23:25:11 +02:00			`from oedb.utils.logging import logger`

			`class HeaderMiddleware:`
			`"""`
			`Middleware that adds standard headers to all responses.`
			`"""`

style agenda 2025-10-13 10:49:13 +02:00			`def process_request(self, req, resp, resource, params):`
			`"""`
			`Handle preflight OPTIONS requests for CORS.`

			`Args:`
			`req: The request object.`
			`resp: The response object.`
			`resource: The resource object.`
			`params: The request parameters.`
			`"""`
			`if req.method == 'OPTIONS':`
			`logger.debug("Handling CORS preflight request")`
			`resp.status = falcon.HTTP_200`
			`return True # Skip further processing`

up stuff 2025-09-15 23:25:11 +02:00			`def process_response(self, req, resp, resource, params):`
			`"""`
			`Add standard headers to the response.`

			`Args:`
			`req: The request object.`
			`resp: The response object.`
			`resource: The resource object.`
			`params: The request parameters.`
			`"""`
			`logger.debug("Adding standard headers to response")`
			`resp.set_header('X-Powered-By', 'OpenEventDatabase')`
style agenda 2025-10-13 10:49:13 +02:00
			`# CORS headers - Configuration optimisée pour embed.js`
up stuff 2025-09-15 23:25:11 +02:00			`resp.set_header('Access-Control-Allow-Origin', '*')`
style agenda 2025-10-13 10:49:13 +02:00			`resp.set_header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Accept, Origin, User-Agent, Referer')`
			`resp.set_header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, HEAD')`
			`resp.set_header('Access-Control-Allow-Credentials', 'false')`
			`resp.set_header('Access-Control-Max-Age', '86400') # 24 hours`
			`resp.set_header('Access-Control-Expose-Headers', 'Content-Length, Content-Type, Date, Server, X-Powered-By')`

			`# Headers supplémentaires pour embed.js`
			`resp.set_header('Vary', 'Origin')`
			`resp.set_header('Cache-Control', 'public, max-age=300') # Cache de 5 minutes pour les requêtes embed`