Added samples for handling CORS requests. (GoogleCloudPlatform#1652)

chenyumic · web-flow · commit 779a5259c53a · 2018-10-08T15:50:41.000-07:00
* Added samples for handling CORS requests.

* Minor fix

* Moved samples to http/

* Minor fix.
diff --git a/functions/http/main.py b/functions/http/main.py
@@ -118,3 +118,60 @@ def get_signed_url(request):
 
     return url
 # [END functions_http_signed_url]
+
+
+# [START functions_http_cors]
+def cors_enabled_function(request):
+    # For more information about CORS and CORS preflight requests, see
+    # https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
+    # for more information.
+
+    # Set CORS headers for the preflight request
+    if request.method == 'OPTIONS':
+        # Allows GET requests from any origin with the Content-Type
+        # header and caches preflight response for an 3600s
+        headers = {
+            'Access-Control-Allow-Origin': '*',
+            'Access-Control-Allow-Methods': 'GET',
+            'Access-Control-Allow-Headers': 'Content-Type',
+            'Access-Control-Max-Age': '3600'
+        }
+
+        return ('', 204, headers)
+
+    # Set CORS headers for the main request
+    headers = {
+        'Access-Control-Allow-Origin': '*'
+    }
+
+    return ('Hello World!', 200, headers)
+# [END functions_http_cors]
+
+
+# [START functions_http_cors_auth]
+def cors_enabled_function_auth(request):
+    # For more information about CORS and CORS preflight requests, see
+    # https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
+    # for more information.
+
+    # Set CORS headers for preflight requests
+    if request.method == 'OPTIONS':
+        # Allows GET requests from origin https://mydomain.com with
+        # Authorization header
+        headers = {
+            'Access-Control-Allow-Origin': 'https://mydomain.com',
+            'Access-Control-Allow-Methods': 'GET',
+            'Access-Control-Allow-Headers': 'Authorization',
+            'Access-Control-Max-Age': '3600',
+            'Access-Control-Allow-Credentials': 'true'
+        }
+        return ('', 204, headers)
+
+    # Set CORS headers for main requests
+    headers = {
+        'Access-Control-Allow-Origin': 'https://mydomain.com',
+        'Access-Control-Allow-Credentials': 'true'
+    }
+
+    return ('Hello World!', 200, headers)
+# [END functions_http_cors_auth]
diff --git a/functions/http/main_test.py b/functions/http/main_test.py
@@ -0,0 +1,58 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import flask
+import pytest
+
+import main
+
+
+# Create a fake "app" for generating test request contexts.
+@pytest.fixture(scope="module")
+def app():
+    return flask.Flask(__name__)
+
+
+def test_cors_enabled_function_preflight(app):
+    with app.test_request_context(method='OPTIONS'):
+        res = main.cors_enabled_function(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == '*'
+        assert res[2].get('Access-Control-Allow-Methods') == 'GET'
+        assert res[2].get('Access-Control-Allow-Headers') == 'Content-Type'
+        assert res[2].get('Access-Control-Max-Age') == '3600'
+
+
+def test_cors_enabled_function_main(app):
+    with app.test_request_context(method='GET'):
+        res = main.cors_enabled_function(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == '*'
+
+
+def test_cors_enabled_function_auth_preflight(app):
+    with app.test_request_context(method='OPTIONS'):
+        res = main.cors_enabled_function_auth(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == \
+            'https://mydomain.com'
+        assert res[2].get('Access-Control-Allow-Methods') == 'GET'
+        assert res[2].get('Access-Control-Allow-Headers') == 'Authorization'
+        assert res[2].get('Access-Control-Max-Age') == '3600'
+        assert res[2].get('Access-Control-Allow-Credentials') == 'true'
+
+
+def test_cors_enabled_function_auth_main(app):
+    with app.test_request_context(method='GET'):
+        res = main.cors_enabled_function_auth(flask.request)
+        assert res[2].get('Access-Control-Allow-Origin') == \
+            'https://mydomain.com'
+        assert res[2].get('Access-Control-Allow-Credentials') == 'true'
