closes #41. CORS whitelist can be an *

loris-imageserver · Nov 18, 2013 · 9f36bd0 · 9f36bd0
1 parent ce22402
commit 9f36bd0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -82,7 +82,9 @@ some options:
   following property, `cors_whitelist` will be read and and the `Origin` header 
   of the request will be checked against that list. If there is a match, the 
   [`Access-Control-Allow-Origin`](http://www.w3.org/TR/cors/#access-control-allow-origin-response-header) will contain that value and the request 
-  should go through.
+  should go through. The value of this option can also be set to `*`, which will
+  make info requests publicly available (responses will include 
+  `Access-Control-Allow-Origin=*`)
 
   Note that you can also supply a `callback` parameter to requests (e.g. 
   `?callback=myfunct`) to do [JSONP](http://en.wikipedia.org/wiki/JSONP) style 

diff --git a/loris/webapp.py b/loris/webapp.py
@@ -352,7 +352,9 @@ def get_info_conneg(self, request, ident):
 	def get_info(self, request, ident):
 		r = LorisResponse()
 		if self.enable_cors and request.headers.get('origin'):
-			if request.headers['origin'] in self.cors_whitelist:
+			if self.cors_whitelist[0] == '*':
+				r.headers['access-control-allow-origin'] = '*'
+			elif request.headers['origin'] in self.cors_whitelist:
 				r.headers['access-control-allow-origin'] = request.headers['origin']
 
 		try: