51 lines
No EOL
2 KiB
Python
51 lines
No EOL
2 KiB
Python
"""
|
|
Middleware components for the OpenEventDatabase.
|
|
"""
|
|
|
|
import falcon
|
|
from oedb.utils.logging import logger
|
|
|
|
class HeaderMiddleware:
|
|
"""
|
|
Middleware that adds standard headers to all responses.
|
|
"""
|
|
|
|
def process_request(self, req, resp, resource, params):
|
|
"""
|
|
Handle preflight OPTIONS requests for CORS.
|
|
|
|
Args:
|
|
req: The request object.
|
|
resp: The response object.
|
|
resource: The resource object.
|
|
params: The request parameters.
|
|
"""
|
|
if req.method == 'OPTIONS':
|
|
logger.debug("Handling CORS preflight request")
|
|
resp.status = falcon.HTTP_200
|
|
return True # Skip further processing
|
|
|
|
def process_response(self, req, resp, resource, params):
|
|
"""
|
|
Add standard headers to the response.
|
|
|
|
Args:
|
|
req: The request object.
|
|
resp: The response object.
|
|
resource: The resource object.
|
|
params: The request parameters.
|
|
"""
|
|
logger.debug("Adding standard headers to response")
|
|
resp.set_header('X-Powered-By', 'OpenEventDatabase')
|
|
|
|
# CORS headers - Configuration optimisée pour embed.js
|
|
resp.set_header('Access-Control-Allow-Origin', '*')
|
|
resp.set_header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Authorization, Accept, Origin, User-Agent, Referer')
|
|
resp.set_header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, HEAD')
|
|
resp.set_header('Access-Control-Allow-Credentials', 'false')
|
|
resp.set_header('Access-Control-Max-Age', '86400') # 24 hours
|
|
resp.set_header('Access-Control-Expose-Headers', 'Content-Length, Content-Type, Date, Server, X-Powered-By')
|
|
|
|
# Headers supplémentaires pour embed.js
|
|
resp.set_header('Vary', 'Origin')
|
|
resp.set_header('Cache-Control', 'public, max-age=300') # Cache de 5 minutes pour les requêtes embed |