Joe*_*ern 22 ajax jquery cors bottle
我正在使用Bottle Web Framework上的Web服务的RESTful API,并希望使用jQuery AJAX调用来访问资源.
使用REST客户端,资源接口按预期工作并正确处理GET,POST,...请求.但是当发送jQuery AJAX POST请求时,生成的OPTIONS预检请求被简单地拒绝为'405:Method not allowed'.
我尝试在Bottle服务器上启用CORS - 如下所述:http://bottlepy.org/docs/dev/recipes.html#using-the-hooks-plugin 但是从不为OPTIONS请求调用after_request挂钩.
这是我的服务器的摘录:
from bottle import Bottle, run, request, response
import simplejson as json
app = Bottle()
@app.hook('after_request')
def enable_cors():
print "after_request hook"
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
@app.post('/cors')
def lvambience():
response.headers['Content-Type'] = 'application/json'
return "[1]"
[...]
jQuery AJAX调用:
$.ajax({
type: "POST",
url: "http://192.168.169.9:8080/cors",
data: JSON.stringify( data ),
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function(data){
alert(data);
},
failure: function(err) {
alert(err);
}
});
服务器只记录405错误:
192.168.169.3 - - [23/Jun/2013 17:10:53] "OPTIONS /cors HTTP/1.1" 405 741
$ .post确实有效,但无法发送PUT请求会破坏RESTful服务的目的.那么如何才能处理OPTIONS预检请求呢?
ron*_*man 32
安装处理程序而不是钩子.
我过去有两种互补方式:decorator或Bottle插件.我会告诉你们两个,你可以决定它们中的一个(或两个)是否适合你的需要.在这两种情况下,一般的想法是:处理程序在将响应发送回客户端之前拦截响应,插入CORS头,然后继续返回响应.
当您只想在某些路由上运行处理程序时,此方法更可取.只需装饰您希望它执行的每条路线.这是一个例子:
import bottle
from bottle import response
# the decorator
def enable_cors(fn):
def _enable_cors(*args, **kwargs):
# set CORS headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
if bottle.request.method != 'OPTIONS':
# actual request; reply with the actual response
return fn(*args, **kwargs)
return _enable_cors
app = bottle.app()
@app.route('/cors', method=['OPTIONS', 'GET'])
@enable_cors
def lvambience():
response.headers['Content-type'] = 'application/json'
return '[1]'
app.run(port=8001)
如果您希望处理程序在所有或大多数路由上执行,则此方法更可取.你只需要定义一个Bottle插件,Bottle会在每条路线上自动为你调用它; 无需在每个上指定装饰器.(请注意,您可以使用路由的skip参数来避免每个路由的此处理程序.)这是一个与上面的对应的示例:
import bottle
from bottle import response
class EnableCors(object):
name = 'enable_cors'
api = 2
def apply(self, fn, context):
def _enable_cors(*args, **kwargs):
# set CORS headers
response.headers['Access-Control-Allow-Origin'] = '*'
response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
if bottle.request.method != 'OPTIONS':
# actual request; reply with the actual response
return fn(*args, **kwargs)
return _enable_cors
app = bottle.app()
@app.route('/cors', method=['OPTIONS', 'GET'])
def lvambience():
response.headers['Content-type'] = 'application/json'
return '[1]'
app.install(EnableCors())
app.run(port=8001)
这是@ ron.rothman的方法2的一个小改进,该方法用于全局安装CORS处理程序。他的方法要求您指定OPTIONS在您声明的每条路线上都接受该方法。此解决方案为所有OPTIONS请求安装一个全局处理程序。
@bottle.route('/<:re:.*>', method='OPTIONS')
def enable_cors_generic_route():
"""
This route takes priority over all others. So any request with an OPTIONS
method will be handled by this function.
See: https://github.com/bottlepy/bottle/issues/402
NOTE: This means we won't 404 any invalid path that is an OPTIONS request.
"""
add_cors_headers()
@bottle.hook('after_request')
def enable_cors_after_request_hook():
"""
This executes after every route. We use it to attach CORS headers when
applicable.
"""
add_cors_headers()
def add_cors_headers():
if SOME_CONDITION: # You don't have to gate this
bottle.response.headers['Access-Control-Allow-Origin'] = '*'
bottle.response.headers['Access-Control-Allow-Methods'] = \
'GET, POST, PUT, OPTIONS'
bottle.response.headers['Access-Control-Allow-Headers'] = \
'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token'
```