summaryrefslogtreecommitdiff
path: root/oauthlib/oauth2/rfc6749/grant_types/base.py
diff options
context:
space:
mode:
Diffstat (limited to 'oauthlib/oauth2/rfc6749/grant_types/base.py')
-rw-r--r--oauthlib/oauth2/rfc6749/grant_types/base.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/oauthlib/oauth2/rfc6749/grant_types/base.py b/oauthlib/oauth2/rfc6749/grant_types/base.py
index a64f168..ca343a1 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/base.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/base.py
@@ -10,6 +10,7 @@ from oauthlib.oauth2.rfc6749 import errors, utils
from oauthlib.uri_validate import is_absolute_uri
from ..request_validator import RequestValidator
+from ..utils import is_secure_transport
log = logging.getLogger(__name__)
@@ -248,3 +249,20 @@ class GrantTypeBase:
raise errors.MissingRedirectURIError(request=request)
if not is_absolute_uri(request.redirect_uri):
raise errors.InvalidRedirectURIError(request=request)
+
+ def _create_cors_headers(self, request):
+ """If CORS is allowed, create the appropriate headers."""
+ if 'origin' not in request.headers:
+ return {}
+
+ origin = request.headers['origin']
+ if not is_secure_transport(origin):
+ log.debug('Origin "%s" is not HTTPS, CORS not allowed.', origin)
+ return {}
+ elif not self.request_validator.is_origin_allowed(
+ request.client_id, origin, request):
+ log.debug('Invalid origin "%s", CORS not allowed.', origin)
+ return {}
+ else:
+ log.debug('Valid origin "%s", injecting CORS headers.', origin)
+ return {'Access-Control-Allow-Origin': origin}
View Lorry Controller Status