(self, message: Message, send: Send, request_headers: Headers)
| 154 | await self.app(scope, receive, send) |
| 155 | |
| 156 | async def send(self, message: Message, send: Send, request_headers: Headers) -> None: |
| 157 | if message["type"] != "http.response.start": |
| 158 | await send(message) |
| 159 | return |
| 160 | |
| 161 | message.setdefault("headers", []) |
| 162 | headers = MutableHeaders(scope=message) |
| 163 | headers.update(self.simple_headers) |
| 164 | origin = request_headers["Origin"] |
| 165 | |
| 166 | # If credentials are allowed, then we must respond with the specific origin instead of '*'. |
| 167 | if self.allow_all_origins and self.allow_credentials: |
| 168 | self.allow_explicit_origin(headers, origin) |
| 169 | |
| 170 | # If we only allow specific origins, then we have to mirror back the Origin header in the response. |
| 171 | elif not self.allow_all_origins and self.is_allowed_origin(origin=origin): |
| 172 | self.allow_explicit_origin(headers, origin) |
| 173 | |
| 174 | await send(message) |
| 175 | |
| 176 | @staticmethod |
| 177 | def allow_explicit_origin(headers: MutableHeaders, origin: str) -> None: |
no test coverage detected