Comments (7)
Not sure, but I can try.
from litestar.
Thanks for the report.
Can you add a failing test case? Would be great.
from litestar.
Seems like this issue is related to Starlette CORSMiddleware
I've added a discussion in Starlette encode/starlette#1582
from litestar.
About test, you can just update existing one test_setting_cors_middleware
by changing this line
assert cors_middleware.allow_methods == ("DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT")
🙂
from litestar.
ok, I will check this out during the weekend.
from litestar.
So, i tested this as you suggested by adjusting that test. This is working correctly:
def test_setting_cors_middleware() -> None:
cors_config = CORSConfig(allow_methods=["OPTIONS", "POST"])
assert cors_config.allow_credentials is False
assert cors_config.allow_headers == ["*"]
assert cors_config.allow_methods == ["OPTIONS", "POST"]
assert cors_config.allow_origins == ["*"]
assert cors_config.allow_origin_regex is None
assert cors_config.max_age == 600
assert cors_config.expose_headers == []
client = create_test_client(route_handlers=[handler], cors_config=cors_config)
unpacked_middleware = []
cur = client.app.middleware_stack
while hasattr(cur, "app"):
unpacked_middleware.append(cur)
cur = cur.app # type: ignore
assert len(unpacked_middleware) == 2
cors_middleware = unpacked_middleware[0]
assert isinstance(cors_middleware, CORSMiddleware)
assert cors_middleware.allow_headers == ["*", "accept", "accept-language", "content-language", "content-type"]
assert cors_middleware.allow_methods == ['OPTIONS', 'POST']
assert cors_middleware.allow_origins == cors_config.allow_origins
assert cors_middleware.allow_origin_regex == cors_config.allow_origin_regex
Note that ['OPTIONS', 'POST']
are used everywhere.
Now, I understand what the issue is as far as you are concerned. You want the allowed methods to be based not on a global configuration but be per endpoint. I am afraid this is not possible using the middleware pattern because middleware is unaware of the endpoints. While it might be possible to modify this, it would be a complex architectural change to do.
The alternative approaches you can take are to use either a dependency that receives some parameters, or a decorator that takes the route handler and does something similar. These you will need to create on your end and if you think they are generic enough, you might add a PR to suggest them.
Inside Starlite the only possibility is to create a CORS layer separate from the middleware that is able to parse individual route_handlers and respond. This though is not a small change and will require substanital work. If you want to give it a try, you are welcome to do so.
from litestar.
There is work going in this direction in Starlette encode/starlette#1286, encode/starlette#685, so I think it is better to wait.
from litestar.
Related Issues (20)
- Bug:AttributeError: module 'pydantic._migration' has no attribute 'JsonValue' HOT 5
- Enhancement: SQLAdmin Support HOT 4
- Bug: Using asyncio.create_subprocess_shell / _exec in lifespan raises NotImplementedError HOT 3
- Bug: Parsing tagged unions HOT 1
- Bug: Exception not handled correctly HOT 1
- bug: CORS middleware not working with mounted applications HOT 1
- refactor: deprecate CORSMiddleware from public interface HOT 1
- Bug: cant upload one file only if type is list[UploadFile] | None HOT 3
- Bug: can't upload multiple files where `data: Optional[List[UploadFile]]` HOT 1
- Bug: `| None` removes the `Upload File` button in OpenAPI schema docs
- Enhancement(Packaging): Add/Maintain Debian package HOT 1
- Bug: minijinja import too early on FlashPlugin HOT 1
- Bug: ResponseHeaders results in invalid OpenAPI schema HOT 2
- NameError when `litestar.types.Guard` is used in the function parameter HOT 2
- Enhancement: Support RSGI Specification (granian) HOT 4
- Bug: StructlogPlugin loggers do not adhere to set log level HOT 2
- Bug: Different behavior for generating openapi schema names HOT 2
- Enhancement: allow route handlers to return `None` if `return_dto` is set without configuring `partial`
- Bug: regular handler under asgi mount path conflicts with routing to asgi app HOT 3
- Bug(docs): AA intersphinx 404 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from litestar.