a xds@sddlZddlmZmZddlmZmZddlmZm Z ddl m Z ddl m Z ddlmZddlmZd Zd Zd Zd Zd ZdZGddde ZGddde ZdS)N)AnyOptional) ParseResulturlparse) HttpRequest HttpResponse)patch_vary_headers)MiddlewareMixin)conf)check_request_enabledzAccess-Control-Allow-OriginzAccess-Control-Expose-Headersz Access-Control-Allow-CredentialszAccess-Control-Allow-HeaderszAccess-Control-Allow-MethodszAccess-Control-Max-Agec@sBeZdZeddddZeddddZeeeedddd ZdS) CorsPostCsrfMiddlewareNrequestreturncCs0tjr,d|jvr,|jd}||jd<|jd=dS)zj Put the HTTP_REFERER back to its original value and delete the temporary storage ORIGINAL_HTTP_REFERER HTTP_REFERERN)r CORS_REPLACE_HTTPS_REFERERMETA)selfr http_refererrN/var/www/html/Ranjet/env/lib/python3.9/site-packages/corsheaders/middleware.py_https_referer_replace_reverses  z5CorsPostCsrfMiddleware._https_referer_replace_reversecCs||dSNrrrrrrprocess_requests z&CorsPostCsrfMiddleware.process_requestrcallback callback_argscallback_kwargsrcCs||dSrrrrrrr rrr process_view#s z#CorsPostCsrfMiddleware.process_view)__name__ __module__ __qualname__rrrrr"rrrrr s r c@seZdZeddddZeeedddZeeeedddd Z eeed d d Z e e e d ddZe e dddZee dddZee dddZe e dddZdS)CorsMiddlewareNr cCs|jd}|r|rd|jvrt|}tjs@|||s@dSz<|jd}d|jd}|j|_||jd<||jd<WntyYn0dS)a When https is enabled, django CSRF checking includes referer checking which breaks when using CORS. This function updates the HTTP_REFERER header to make sure it matches HTTP_HOST, provided that our cors logic succeeds HTTP_ORIGINrNrz https://%s/Z HTTP_HOST) rgetZ is_securerr CORS_ALLOW_ALL_ORIGINSorigin_found_in_white_listscopyKeyError)rroriginurlrZ http_hostrrr_https_referer_replace/s*      z%CorsMiddleware._https_referer_replacecCsL|||_|jrHtjr"|||jdkrHd|jvrHt}d|d<|SdS)a If CORS preflight header, then create an empty body response (200 OK) and return it Django won't bother calling any other request view/exception middleware along with the requested view; it will call any response middlewares OPTIONSZ"HTTP_ACCESS_CONTROL_REQUEST_METHOD0zContent-LengthN) is_enabled _cors_enabledr rr/methodrr)rrresponserrrrNs  zCorsMiddleware.process_requestrcCs|jrtjr||dS)z9 Do the referer replacement here as well N)r3r rr/r!rrrr"es  zCorsMiddleware.process_view)rr5rcCst|dd}|dur||}|s&|St|dg|jd}|sF|Sz t|}Wntyh|YS0tjrxd|t <tj s| ||s| |s|Stj rtjsd|t <n||t <ttjrdtj|t<|jdkrdtj|t<dtj|t<tjrttj|t<|S) z1 Add the respective CORS headers r3NZOriginr'true*z, r0)getattrr2rrr(r ValueErrorr ZCORS_ALLOW_CREDENTIALS ACCESS_CONTROL_ALLOW_CREDENTIALSr)r* check_signalACCESS_CONTROL_ALLOW_ORIGINlenZCORS_EXPOSE_HEADERSjoinACCESS_CONTROL_EXPOSE_HEADERSr4ZCORS_ALLOW_HEADERSACCESS_CONTROL_ALLOW_HEADERSZCORS_ALLOW_METHODSACCESS_CONTROL_ALLOW_METHODSZCORS_PREFLIGHT_MAX_AGEstrACCESS_CONTROL_MAX_AGE)rrr5Zenabledr-r.rrrprocess_responsessF            zCorsMiddleware.process_response)r-r.rcCs&|dkr|tjvp$||p$||S)Nnull)r CORS_ALLOWED_ORIGINS_url_in_whitelistregex_domain_match)rr-r.rrrr*s z*CorsMiddleware.origin_found_in_white_lists)r-rcstfddtjDS)Nc3s|]}t|VqdSr)rematch).0Zdomain_patternr-rr sz4CorsMiddleware.regex_domain_match..)anyr ZCORS_ALLOWED_ORIGIN_REGEXES)rr-rrLrrHs z!CorsMiddleware.regex_domain_matchcCstttj|jp||Sr)boolrIrJr ZCORS_URLS_REGEXZ path_infor;rrrrr2s zCorsMiddleware.is_enabledcCs tjd|d}tdd|DS)N)Zsenderrcss|]\}}|VqdSrr)rKfunctionZ return_valuerrrrMz.CorsMiddleware.check_signal..)r sendrN)rrZsignal_responsesrrrr;szCorsMiddleware.check_signal)r.rcs&ddtjD}tfdd|DS)NcSsg|] }t|qSr)r)rKorrr rQz4CorsMiddleware._url_in_whitelist..c3s&|]}|jjko|jjkVqdSr)schemenetloc)rKr-r.rrrMsz3CorsMiddleware._url_in_whitelist..)r rFrN)rr.ZoriginsrrWrrGs z CorsMiddleware._url_in_whitelist)r#r$r%rr/rrrrr"rDrBrrOr*rHr2r;rGrrrrr&.s   4r&)rItypingrr urllib.parserrZ django.httprrZdjango.utils.cacherZdjango.utils.deprecationr Zcorsheaders.confr Zcorsheaders.signalsr r<r?r:r@rArCr r&rrrrs