aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/python/Flask-Cors
diff options
context:
space:
mode:
authornkozlovskiy <nmk@ydb.tech>2023-09-29 12:24:06 +0300
committernkozlovskiy <nmk@ydb.tech>2023-09-29 12:41:34 +0300
commite0e3e1717e3d33762ce61950504f9637a6e669ed (patch)
treebca3ff6939b10ed60c3d5c12439963a1146b9711 /contrib/python/Flask-Cors
parent38f2c5852db84c7b4d83adfcb009eb61541d1ccd (diff)
downloadydb-e0e3e1717e3d33762ce61950504f9637a6e669ed.tar.gz
add ydb deps
Diffstat (limited to 'contrib/python/Flask-Cors')
-rw-r--r--contrib/python/Flask-Cors/py2/.dist-info/METADATA149
-rw-r--r--contrib/python/Flask-Cors/py2/.dist-info/top_level.txt1
-rw-r--r--contrib/python/Flask-Cors/py2/LICENSE7
-rw-r--r--contrib/python/Flask-Cors/py2/README.rst119
-rw-r--r--contrib/python/Flask-Cors/py2/flask_cors/__init__.py27
-rw-r--r--contrib/python/Flask-Cors/py2/flask_cors/core.py383
-rw-r--r--contrib/python/Flask-Cors/py2/flask_cors/decorator.py135
-rw-r--r--contrib/python/Flask-Cors/py2/flask_cors/extension.py190
-rw-r--r--contrib/python/Flask-Cors/py2/flask_cors/version.py1
-rw-r--r--contrib/python/Flask-Cors/py2/ya.make31
-rw-r--r--contrib/python/Flask-Cors/py3/.dist-info/METADATA147
-rw-r--r--contrib/python/Flask-Cors/py3/.dist-info/top_level.txt1
-rw-r--r--contrib/python/Flask-Cors/py3/LICENSE7
-rw-r--r--contrib/python/Flask-Cors/py3/README.rst122
-rw-r--r--contrib/python/Flask-Cors/py3/flask_cors/__init__.py27
-rw-r--r--contrib/python/Flask-Cors/py3/flask_cors/core.py382
-rw-r--r--contrib/python/Flask-Cors/py3/flask_cors/decorator.py137
-rw-r--r--contrib/python/Flask-Cors/py3/flask_cors/extension.py201
-rw-r--r--contrib/python/Flask-Cors/py3/flask_cors/version.py1
-rw-r--r--contrib/python/Flask-Cors/py3/ya.make30
-rw-r--r--contrib/python/Flask-Cors/ya.make18
21 files changed, 2116 insertions, 0 deletions
diff --git a/contrib/python/Flask-Cors/py2/.dist-info/METADATA b/contrib/python/Flask-Cors/py2/.dist-info/METADATA
new file mode 100644
index 0000000000..d7a3ad9998
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/.dist-info/METADATA
@@ -0,0 +1,149 @@
+Metadata-Version: 2.1
+Name: Flask-Cors
+Version: 3.0.10
+Summary: A Flask extension adding a decorator for CORS support
+Home-page: https://github.com/corydolphin/flask-cors
+Author: Cory Dolphin
+Author-email: corydolphin@gmail.com
+License: MIT
+Platform: any
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: Flask (>=0.9)
+Requires-Dist: Six
+
+Flask-CORS
+==========
+
+|Build Status| |Latest Version| |Supported Python versions|
+|License|
+
+A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
+
+This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
+This means no mucking around with different allowed headers, methods, etc.
+
+By default, submission of cookies across domains is disabled due to the security implications.
+Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
+
+Installation
+------------
+
+Install the extension with using pip, or easy\_install.
+
+.. code:: bash
+
+ $ pip install -U flask-cors
+
+Usage
+-----
+
+This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
+It allows parameterization of all CORS headers on a per-resource level.
+The package also contains a decorator, for those who prefer this approach.
+
+Simple Usage
+~~~~~~~~~~~~
+
+In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+
+ from flask import Flask
+ from flask_cors import CORS
+
+ app = Flask(__name__)
+ CORS(app)
+
+ @app.route("/")
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Resource specific CORS
+^^^^^^^^^^^^^^^^^^^^^^
+
+Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+ app = Flask(__name__)
+ cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+
+ @app.route("/api/v1/users")
+ def list_users():
+ return "user example"
+
+Route specific CORS via decorator
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This extension also exposes a simple decorator to decorate flask routes with.
+Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
+See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
+
+.. code:: python
+
+ @app.route("/")
+ @cross_origin()
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Documentation
+-------------
+
+For a full list of options, please see the full `documentation <https://flask-cors.corydolphin.com/en/latest/api.html>`__
+
+Troubleshooting
+---------------
+
+If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.
+
+.. code:: python
+
+ logging.getLogger('flask_cors').level = logging.DEBUG
+
+
+Tests
+-----
+
+A simple set of tests is included in ``test/``.
+To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
+
+Contributing
+------------
+
+Questions, comments or improvements?
+Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
+I do my best to include every contribution proposed in any way that I can.
+
+Credits
+-------
+
+This Flask extension is based upon the `Decorator for the HTTP Access Control <http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
+
+.. |Build Status| image:: https://api.travis-ci.org/corydolphin/flask-cors.svg?branch=master
+ :target: https://travis-ci.org/corydolphin/flask-cors
+.. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
+.. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+ :target: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+.. |License| image:: http://img.shields.io/:license-mit-blue.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
+
+
diff --git a/contrib/python/Flask-Cors/py2/.dist-info/top_level.txt b/contrib/python/Flask-Cors/py2/.dist-info/top_level.txt
new file mode 100644
index 0000000000..27af98818d
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/.dist-info/top_level.txt
@@ -0,0 +1 @@
+flask_cors
diff --git a/contrib/python/Flask-Cors/py2/LICENSE b/contrib/python/Flask-Cors/py2/LICENSE
new file mode 100644
index 0000000000..46d932f8d8
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/LICENSE
@@ -0,0 +1,7 @@
+Copyright (C) 2016 Cory Dolphin, Olin College
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file
diff --git a/contrib/python/Flask-Cors/py2/README.rst b/contrib/python/Flask-Cors/py2/README.rst
new file mode 100644
index 0000000000..a3edba2b18
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/README.rst
@@ -0,0 +1,119 @@
+Flask-CORS
+==========
+
+|Build Status| |Latest Version| |Supported Python versions|
+|License|
+
+A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
+
+This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
+This means no mucking around with different allowed headers, methods, etc.
+
+By default, submission of cookies across domains is disabled due to the security implications.
+Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
+
+Installation
+------------
+
+Install the extension with using pip, or easy\_install.
+
+.. code:: bash
+
+ $ pip install -U flask-cors
+
+Usage
+-----
+
+This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
+It allows parameterization of all CORS headers on a per-resource level.
+The package also contains a decorator, for those who prefer this approach.
+
+Simple Usage
+~~~~~~~~~~~~
+
+In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+
+ from flask import Flask
+ from flask_cors import CORS
+
+ app = Flask(__name__)
+ CORS(app)
+
+ @app.route("/")
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Resource specific CORS
+^^^^^^^^^^^^^^^^^^^^^^
+
+Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+ app = Flask(__name__)
+ cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+
+ @app.route("/api/v1/users")
+ def list_users():
+ return "user example"
+
+Route specific CORS via decorator
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This extension also exposes a simple decorator to decorate flask routes with.
+Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
+See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
+
+.. code:: python
+
+ @app.route("/")
+ @cross_origin()
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Documentation
+-------------
+
+For a full list of options, please see the full `documentation <https://flask-cors.corydolphin.com/en/latest/api.html>`__
+
+Troubleshooting
+---------------
+
+If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.
+
+.. code:: python
+
+ logging.getLogger('flask_cors').level = logging.DEBUG
+
+
+Tests
+-----
+
+A simple set of tests is included in ``test/``.
+To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
+
+Contributing
+------------
+
+Questions, comments or improvements?
+Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
+I do my best to include every contribution proposed in any way that I can.
+
+Credits
+-------
+
+This Flask extension is based upon the `Decorator for the HTTP Access Control <http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
+
+.. |Build Status| image:: https://api.travis-ci.org/corydolphin/flask-cors.svg?branch=master
+ :target: https://travis-ci.org/corydolphin/flask-cors
+.. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
+.. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+ :target: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+.. |License| image:: http://img.shields.io/:license-mit-blue.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
diff --git a/contrib/python/Flask-Cors/py2/flask_cors/__init__.py b/contrib/python/Flask-Cors/py2/flask_cors/__init__.py
new file mode 100644
index 0000000000..c84a763f80
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/flask_cors/__init__.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+"""
+ flask_cors
+ ~~~~
+ Flask-CORS is a simple extension to Flask allowing you to support cross
+ origin resource sharing (CORS) using a simple decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+from .decorator import cross_origin
+from .extension import CORS
+from .version import __version__
+
+__all__ = ['CORS', 'cross_origin']
+
+# Set default logging handler to avoid "No handler found" warnings.
+import logging
+from logging import NullHandler
+
+# Set initial level to WARN. Users must manually enable logging for
+# flask_cors to see our logging.
+rootlogger = logging.getLogger(__name__)
+rootlogger.addHandler(NullHandler())
+
+if rootlogger.level == logging.NOTSET:
+ rootlogger.setLevel(logging.WARN) \ No newline at end of file
diff --git a/contrib/python/Flask-Cors/py2/flask_cors/core.py b/contrib/python/Flask-Cors/py2/flask_cors/core.py
new file mode 100644
index 0000000000..7654cb167a
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/flask_cors/core.py
@@ -0,0 +1,383 @@
+# -*- coding: utf-8 -*-
+"""
+ core
+ ~~~~
+ Core functionality shared between the extension and the decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+import re
+import logging
+try:
+ # on python 3
+ from collections.abc import Iterable
+except ImportError:
+ # on python 2.7 and pypy
+ from collections import Iterable
+from datetime import timedelta
+from six import string_types
+from flask import request, current_app
+from werkzeug.datastructures import Headers, MultiDict
+
+LOG = logging.getLogger(__name__)
+
+# Response Headers
+ACL_ORIGIN = 'Access-Control-Allow-Origin'
+ACL_METHODS = 'Access-Control-Allow-Methods'
+ACL_ALLOW_HEADERS = 'Access-Control-Allow-Headers'
+ACL_EXPOSE_HEADERS = 'Access-Control-Expose-Headers'
+ACL_CREDENTIALS = 'Access-Control-Allow-Credentials'
+ACL_MAX_AGE = 'Access-Control-Max-Age'
+
+# Request Header
+ACL_REQUEST_METHOD = 'Access-Control-Request-Method'
+ACL_REQUEST_HEADERS = 'Access-Control-Request-Headers'
+
+ALL_METHODS = ['GET', 'HEAD', 'POST', 'OPTIONS', 'PUT', 'PATCH', 'DELETE']
+CONFIG_OPTIONS = ['CORS_ORIGINS', 'CORS_METHODS', 'CORS_ALLOW_HEADERS',
+ 'CORS_EXPOSE_HEADERS', 'CORS_SUPPORTS_CREDENTIALS',
+ 'CORS_MAX_AGE', 'CORS_SEND_WILDCARD',
+ 'CORS_AUTOMATIC_OPTIONS', 'CORS_VARY_HEADER',
+ 'CORS_RESOURCES', 'CORS_INTERCEPT_EXCEPTIONS',
+ 'CORS_ALWAYS_SEND']
+# Attribute added to request object by decorator to indicate that CORS
+# was evaluated, in case the decorator and extension are both applied
+# to a view.
+FLASK_CORS_EVALUATED = '_FLASK_CORS_EVALUATED'
+
+# Strange, but this gets the type of a compiled regex, which is otherwise not
+# exposed in a public API.
+RegexObject = type(re.compile(''))
+DEFAULT_OPTIONS = dict(origins='*',
+ methods=ALL_METHODS,
+ allow_headers='*',
+ expose_headers=None,
+ supports_credentials=False,
+ max_age=None,
+ send_wildcard=False,
+ automatic_options=True,
+ vary_header=True,
+ resources=r'/*',
+ intercept_exceptions=True,
+ always_send=True)
+
+
+def parse_resources(resources):
+ if isinstance(resources, dict):
+ # To make the API more consistent with the decorator, allow a
+ # resource of '*', which is not actually a valid regexp.
+ resources = [(re_fix(k), v) for k, v in resources.items()]
+
+ # Sort by regex length to provide consistency of matching and
+ # to provide a proxy for specificity of match. E.G. longer
+ # regular expressions are tried first.
+ def pattern_length(pair):
+ maybe_regex, _ = pair
+ return len(get_regexp_pattern(maybe_regex))
+
+ return sorted(resources,
+ key=pattern_length,
+ reverse=True)
+
+ elif isinstance(resources, string_types):
+ return [(re_fix(resources), {})]
+
+ elif isinstance(resources, Iterable):
+ return [(re_fix(r), {}) for r in resources]
+
+ # Type of compiled regex is not part of the public API. Test for this
+ # at runtime.
+ elif isinstance(resources, RegexObject):
+ return [(re_fix(resources), {})]
+
+ else:
+ raise ValueError("Unexpected value for resources argument.")
+
+
+def get_regexp_pattern(regexp):
+ """
+ Helper that returns regexp pattern from given value.
+
+ :param regexp: regular expression to stringify
+ :type regexp: _sre.SRE_Pattern or str
+ :returns: string representation of given regexp pattern
+ :rtype: str
+ """
+ try:
+ return regexp.pattern
+ except AttributeError:
+ return str(regexp)
+
+
+def get_cors_origins(options, request_origin):
+ origins = options.get('origins')
+ wildcard = r'.*' in origins
+
+ # If the Origin header is not present terminate this set of steps.
+ # The request is outside the scope of this specification.-- W3Spec
+ if request_origin:
+ LOG.debug("CORS request received with 'Origin' %s", request_origin)
+
+ # If the allowed origins is an asterisk or 'wildcard', always match
+ if wildcard and options.get('send_wildcard'):
+ LOG.debug("Allowed origins are set to '*'. Sending wildcard CORS header.")
+ return ['*']
+ # If the value of the Origin header is a case-sensitive match
+ # for any of the values in list of origins
+ elif try_match_any(request_origin, origins):
+ LOG.debug("The request's Origin header matches. Sending CORS headers.", )
+ # Add a single Access-Control-Allow-Origin header, with either
+ # the value of the Origin header or the string "*" as value.
+ # -- W3Spec
+ return [request_origin]
+ else:
+ LOG.debug("The request's Origin header does not match any of allowed origins.")
+ return None
+
+
+ elif options.get('always_send'):
+ if wildcard:
+ # If wildcard is in the origins, even if 'send_wildcard' is False,
+ # simply send the wildcard. Unless supports_credentials is True,
+ # since that is forbidded by the spec..
+ # It is the most-likely to be correct thing to do (the only other
+ # option is to return nothing, which almost certainly not what
+ # the developer wants if the '*' origin was specified.
+ if options.get('supports_credentials'):
+ return None
+ else:
+ return ['*']
+ else:
+ # Return all origins that are not regexes.
+ return sorted([o for o in origins if not probably_regex(o)])
+
+ # Terminate these steps, return the original request untouched.
+ else:
+ LOG.debug("The request did not contain an 'Origin' header. This means the browser or client did not request CORS, ensure the Origin Header is set.")
+ return None
+
+
+def get_allow_headers(options, acl_request_headers):
+ if acl_request_headers:
+ request_headers = [h.strip() for h in acl_request_headers.split(',')]
+
+ # any header that matches in the allow_headers
+ matching_headers = filter(
+ lambda h: try_match_any(h, options.get('allow_headers')),
+ request_headers
+ )
+
+ return ', '.join(sorted(matching_headers))
+
+ return None
+
+
+def get_cors_headers(options, request_headers, request_method):
+ origins_to_set = get_cors_origins(options, request_headers.get('Origin'))
+ headers = MultiDict()
+
+ if not origins_to_set: # CORS is not enabled for this route
+ return headers
+
+ for origin in origins_to_set:
+ headers.add(ACL_ORIGIN, origin)
+
+ headers[ACL_EXPOSE_HEADERS] = options.get('expose_headers')
+
+ if options.get('supports_credentials'):
+ headers[ACL_CREDENTIALS] = 'true' # case sensative
+
+ # This is a preflight request
+ # http://www.w3.org/TR/cors/#resource-preflight-requests
+ if request_method == 'OPTIONS':
+ acl_request_method = request_headers.get(ACL_REQUEST_METHOD, '').upper()
+
+ # If there is no Access-Control-Request-Method header or if parsing
+ # failed, do not set any additional headers
+ if acl_request_method and acl_request_method in options.get('methods'):
+
+ # If method is not a case-sensitive match for any of the values in
+ # list of methods do not set any additional headers and terminate
+ # this set of steps.
+ headers[ACL_ALLOW_HEADERS] = get_allow_headers(options, request_headers.get(ACL_REQUEST_HEADERS))
+ headers[ACL_MAX_AGE] = options.get('max_age')
+ headers[ACL_METHODS] = options.get('methods')
+ else:
+ LOG.info("The request's Access-Control-Request-Method header does not match allowed methods. CORS headers will not be applied.")
+
+ # http://www.w3.org/TR/cors/#resource-implementation
+ if options.get('vary_header'):
+ # Only set header if the origin returned will vary dynamically,
+ # i.e. if we are not returning an asterisk, and there are multiple
+ # origins that can be matched.
+ if headers[ACL_ORIGIN] == '*':
+ pass
+ elif (len(options.get('origins')) > 1 or
+ len(origins_to_set) > 1 or
+ any(map(probably_regex, options.get('origins')))):
+ headers.add('Vary', 'Origin')
+
+ return MultiDict((k, v) for k, v in headers.items() if v)
+
+
+def set_cors_headers(resp, options):
+ """
+ Performs the actual evaluation of Flas-CORS options and actually
+ modifies the response object.
+
+ This function is used both in the decorator and the after_request
+ callback
+ """
+
+ # If CORS has already been evaluated via the decorator, skip
+ if hasattr(resp, FLASK_CORS_EVALUATED):
+ LOG.debug('CORS have been already evaluated, skipping')
+ return resp
+
+ # Some libraries, like OAuthlib, set resp.headers to non Multidict
+ # objects (Werkzeug Headers work as well). This is a problem because
+ # headers allow repeated values.
+ if (not isinstance(resp.headers, Headers)
+ and not isinstance(resp.headers, MultiDict)):
+ resp.headers = MultiDict(resp.headers)
+
+ headers_to_set = get_cors_headers(options, request.headers, request.method)
+
+ LOG.debug('Settings CORS headers: %s', str(headers_to_set))
+
+ for k, v in headers_to_set.items():
+ resp.headers.add(k, v)
+
+ return resp
+
+def probably_regex(maybe_regex):
+ if isinstance(maybe_regex, RegexObject):
+ return True
+ else:
+ common_regex_chars = ['*', '\\', ']', '?', '$', '^', '[', ']', '(', ')']
+ # Use common characters used in regular expressions as a proxy
+ # for if this string is in fact a regex.
+ return any((c in maybe_regex for c in common_regex_chars))
+
+def re_fix(reg):
+ """
+ Replace the invalid regex r'*' with the valid, wildcard regex r'/.*' to
+ enable the CORS app extension to have a more user friendly api.
+ """
+ return r'.*' if reg == r'*' else reg
+
+
+def try_match_any(inst, patterns):
+ return any(try_match(inst, pattern) for pattern in patterns)
+
+
+def try_match(request_origin, maybe_regex):
+ """Safely attempts to match a pattern or string to a request origin."""
+ if isinstance(maybe_regex, RegexObject):
+ return re.match(maybe_regex, request_origin)
+ elif probably_regex(maybe_regex):
+ return re.match(maybe_regex, request_origin, flags=re.IGNORECASE)
+ else:
+ try:
+ return request_origin.lower() == maybe_regex.lower()
+ except AttributeError:
+ return request_origin == maybe_regex
+
+
+def get_cors_options(appInstance, *dicts):
+ """
+ Compute CORS options for an application by combining the DEFAULT_OPTIONS,
+ the app's configuration-specified options and any dictionaries passed. The
+ last specified option wins.
+ """
+ options = DEFAULT_OPTIONS.copy()
+ options.update(get_app_kwarg_dict(appInstance))
+ if dicts:
+ for d in dicts:
+ options.update(d)
+
+ return serialize_options(options)
+
+
+def get_app_kwarg_dict(appInstance=None):
+ """Returns the dictionary of CORS specific app configurations."""
+ app = (appInstance or current_app)
+
+ # In order to support blueprints which do not have a config attribute
+ app_config = getattr(app, 'config', {})
+
+ return {
+ k.lower().replace('cors_', ''): app_config.get(k)
+ for k in CONFIG_OPTIONS
+ if app_config.get(k) is not None
+ }
+
+
+def flexible_str(obj):
+ """
+ A more flexible str function which intelligently handles stringifying
+ strings, lists and other iterables. The results are lexographically sorted
+ to ensure generated responses are consistent when iterables such as Set
+ are used.
+ """
+ if obj is None:
+ return None
+ elif(not isinstance(obj, string_types)
+ and isinstance(obj, Iterable)):
+ return ', '.join(str(item) for item in sorted(obj))
+ else:
+ return str(obj)
+
+
+def serialize_option(options_dict, key, upper=False):
+ if key in options_dict:
+ value = flexible_str(options_dict[key])
+ options_dict[key] = value.upper() if upper else value
+
+
+def ensure_iterable(inst):
+ """
+ Wraps scalars or string types as a list, or returns the iterable instance.
+ """
+ if isinstance(inst, string_types):
+ return [inst]
+ elif not isinstance(inst, Iterable):
+ return [inst]
+ else:
+ return inst
+
+def sanitize_regex_param(param):
+ return [re_fix(x) for x in ensure_iterable(param)]
+
+
+def serialize_options(opts):
+ """
+ A helper method to serialize and processes the options dictionary.
+ """
+ options = (opts or {}).copy()
+
+ for key in opts.keys():
+ if key not in DEFAULT_OPTIONS:
+ LOG.warning("Unknown option passed to Flask-CORS: %s", key)
+
+ # Ensure origins is a list of allowed origins with at least one entry.
+ options['origins'] = sanitize_regex_param(options.get('origins'))
+ options['allow_headers'] = sanitize_regex_param(options.get('allow_headers'))
+
+ # This is expressly forbidden by the spec. Raise a value error so people
+ # don't get burned in production.
+ if r'.*' in options['origins'] and options['supports_credentials'] and options['send_wildcard']:
+ raise ValueError("Cannot use supports_credentials in conjunction with"
+ "an origin string of '*'. See: "
+ "http://www.w3.org/TR/cors/#resource-requests")
+
+
+
+ serialize_option(options, 'expose_headers')
+ serialize_option(options, 'methods', upper=True)
+
+ if isinstance(options.get('max_age'), timedelta):
+ options['max_age'] = str(int(options['max_age'].total_seconds()))
+
+ return options
diff --git a/contrib/python/Flask-Cors/py2/flask_cors/decorator.py b/contrib/python/Flask-Cors/py2/flask_cors/decorator.py
new file mode 100644
index 0000000000..4a529e7be9
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/flask_cors/decorator.py
@@ -0,0 +1,135 @@
+# -*- coding: utf-8 -*-
+"""
+ decorator
+ ~~~~
+ This unit exposes a single decorator which should be used to wrap a
+ Flask route with. It accepts all parameters and options as
+ the CORS extension.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+from functools import update_wrapper
+from flask import make_response, request, current_app
+from .core import *
+
+LOG = logging.getLogger(__name__)
+
+def cross_origin(*args, **kwargs):
+ """
+ This function is the decorator which is used to wrap a Flask route with.
+ In the simplest case, simply use the default parameters to allow all
+ origins in what is the most permissive configuration. If this method
+ modifies state or performs authentication which may be brute-forced, you
+ should add some degree of protection, such as Cross Site Forgery
+ Request protection.
+
+ :param origins:
+ The origin, or list of origins to allow requests from.
+ The origin(s) may be regular expressions, case-sensitive strings,
+ or else an asterisk
+
+ Default : '*'
+ :type origins: list, string or regex
+
+ :param methods:
+ The method or list of methods which the allowed origins are allowed to
+ access for non-simple requests.
+
+ Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
+ :type methods: list or string
+
+ :param expose_headers:
+ The header or list which are safe to expose to the API of a CORS API
+ specification.
+
+ Default : None
+ :type expose_headers: list or string
+
+ :param allow_headers:
+ The header or list of header field names which can be used when this
+ resource is accessed by allowed origins. The header(s) may be regular
+ expressions, case-sensitive strings, or else an asterisk.
+
+ Default : '*', allow all headers
+ :type allow_headers: list, string or regex
+
+ :param supports_credentials:
+ Allows users to make authenticated requests. If true, injects the
+ `Access-Control-Allow-Credentials` header in responses. This allows
+ cookies and credentials to be submitted across domains.
+
+ :note: This option cannot be used in conjuction with a '*' origin
+
+ Default : False
+ :type supports_credentials: bool
+
+ :param max_age:
+ The maximum time for which this CORS request maybe cached. This value
+ is set as the `Access-Control-Max-Age` header.
+
+ Default : None
+ :type max_age: timedelta, integer, string or None
+
+ :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
+ `Access-Control-Allow-Origin` header is sent, rather than the
+ request's `Origin` header.
+
+ Default : False
+ :type send_wildcard: bool
+
+ :param vary_header:
+ If True, the header Vary: Origin will be returned as per the W3
+ implementation guidelines.
+
+ Setting this header when the `Access-Control-Allow-Origin` is
+ dynamically generated (e.g. when there is more than one allowed
+ origin, and an Origin than '*' is returned) informs CDNs and other
+ caches that the CORS headers are dynamic, and cannot be cached.
+
+ If False, the Vary header will never be injected or altered.
+
+ Default : True
+ :type vary_header: bool
+
+ :param automatic_options:
+ Only applies to the `cross_origin` decorator. If True, Flask-CORS will
+ override Flask's default OPTIONS handling to return CORS headers for
+ OPTIONS requests.
+
+ Default : True
+ :type automatic_options: bool
+
+ """
+ _options = kwargs
+
+ def decorator(f):
+ LOG.debug("Enabling %s for cross_origin using options:%s", f, _options)
+
+ # If True, intercept OPTIONS requests by modifying the view function,
+ # replicating Flask's default behavior, and wrapping the response with
+ # CORS headers.
+ #
+ # If f.provide_automatic_options is unset or True, Flask's route
+ # decorator (which is actually wraps the function object we return)
+ # intercepts OPTIONS handling, and requests will not have CORS headers
+ if _options.get('automatic_options', True):
+ f.required_methods = getattr(f, 'required_methods', set())
+ f.required_methods.add('OPTIONS')
+ f.provide_automatic_options = False
+
+ def wrapped_function(*args, **kwargs):
+ # Handle setting of Flask-Cors parameters
+ options = get_cors_options(current_app, _options)
+
+ if options.get('automatic_options') and request.method == 'OPTIONS':
+ resp = current_app.make_default_options_response()
+ else:
+ resp = make_response(f(*args, **kwargs))
+
+ set_cors_headers(resp, options)
+ setattr(resp, FLASK_CORS_EVALUATED, True)
+ return resp
+
+ return update_wrapper(wrapped_function, f)
+ return decorator
diff --git a/contrib/python/Flask-Cors/py2/flask_cors/extension.py b/contrib/python/Flask-Cors/py2/flask_cors/extension.py
new file mode 100644
index 0000000000..cfeca73208
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/flask_cors/extension.py
@@ -0,0 +1,190 @@
+# -*- coding: utf-8 -*-
+"""
+ extension
+ ~~~~
+ Flask-CORS is a simple extension to Flask allowing you to support cross
+ origin resource sharing (CORS) using a simple decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+from flask import request
+from .core import *
+try:
+ from urllib.parse import unquote_plus
+except ImportError:
+ from urllib import unquote_plus
+
+LOG = logging.getLogger(__name__)
+
+class CORS(object):
+ """
+ Initializes Cross Origin Resource sharing for the application. The
+ arguments are identical to :py:func:`cross_origin`, with the addition of a
+ `resources` parameter. The resources parameter defines a series of regular
+ expressions for resource paths to match and optionally, the associated
+ options to be applied to the particular resource. These options are
+ identical to the arguments to :py:func:`cross_origin`.
+
+ The settings for CORS are determined in the following order
+
+ 1. Resource level settings (e.g when passed as a dictionary)
+ 2. Keyword argument settings
+ 3. App level configuration settings (e.g. CORS_*)
+ 4. Default settings
+
+ Note: as it is possible for multiple regular expressions to match a
+ resource path, the regular expressions are first sorted by length,
+ from longest to shortest, in order to attempt to match the most
+ specific regular expression. This allows the definition of a
+ number of specific resource options, with a wildcard fallback
+ for all other resources.
+
+ :param resources:
+ The series of regular expression and (optionally) associated CORS
+ options to be applied to the given resource path.
+
+ If the argument is a dictionary, it's keys must be regular expressions,
+ and the values must be a dictionary of kwargs, identical to the kwargs
+ of this function.
+
+ If the argument is a list, it is expected to be a list of regular
+ expressions, for which the app-wide configured options are applied.
+
+ If the argument is a string, it is expected to be a regular expression
+ for which the app-wide configured options are applied.
+
+ Default : Match all and apply app-level configuration
+
+ :type resources: dict, iterable or string
+
+ :param origins:
+ The origin, or list of origins to allow requests from.
+ The origin(s) may be regular expressions, case-sensitive strings,
+ or else an asterisk
+
+ Default : '*'
+ :type origins: list, string or regex
+
+ :param methods:
+ The method or list of methods which the allowed origins are allowed to
+ access for non-simple requests.
+
+ Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
+ :type methods: list or string
+
+ :param expose_headers:
+ The header or list which are safe to expose to the API of a CORS API
+ specification.
+
+ Default : None
+ :type expose_headers: list or string
+
+ :param allow_headers:
+ The header or list of header field names which can be used when this
+ resource is accessed by allowed origins. The header(s) may be regular
+ expressions, case-sensitive strings, or else an asterisk.
+
+ Default : '*', allow all headers
+ :type allow_headers: list, string or regex
+
+ :param supports_credentials:
+ Allows users to make authenticated requests. If true, injects the
+ `Access-Control-Allow-Credentials` header in responses. This allows
+ cookies and credentials to be submitted across domains.
+
+ :note: This option cannot be used in conjunction with a '*' origin
+
+ Default : False
+ :type supports_credentials: bool
+
+ :param max_age:
+ The maximum time for which this CORS request maybe cached. This value
+ is set as the `Access-Control-Max-Age` header.
+
+ Default : None
+ :type max_age: timedelta, integer, string or None
+
+ :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
+ `Access-Control-Allow-Origin` header is sent, rather than the
+ request's `Origin` header.
+
+ Default : False
+ :type send_wildcard: bool
+
+ :param vary_header:
+ If True, the header Vary: Origin will be returned as per the W3
+ implementation guidelines.
+
+ Setting this header when the `Access-Control-Allow-Origin` is
+ dynamically generated (e.g. when there is more than one allowed
+ origin, and an Origin than '*' is returned) informs CDNs and other
+ caches that the CORS headers are dynamic, and cannot be cached.
+
+ If False, the Vary header will never be injected or altered.
+
+ Default : True
+ :type vary_header: bool
+ """
+
+ def __init__(self, app=None, **kwargs):
+ self._options = kwargs
+ if app is not None:
+ self.init_app(app, **kwargs)
+
+ def init_app(self, app, **kwargs):
+ # The resources and options may be specified in the App Config, the CORS constructor
+ # or the kwargs to the call to init_app.
+ options = get_cors_options(app, self._options, kwargs)
+
+ # Flatten our resources into a list of the form
+ # (pattern_or_regexp, dictionary_of_options)
+ resources = parse_resources(options.get('resources'))
+
+ # Compute the options for each resource by combining the options from
+ # the app's configuration, the constructor, the kwargs to init_app, and
+ # finally the options specified in the resources dictionary.
+ resources = [
+ (pattern, get_cors_options(app, options, opts))
+ for (pattern, opts) in resources
+ ]
+
+ # Create a human readable form of these resources by converting the compiled
+ # regular expressions into strings.
+ resources_human = {get_regexp_pattern(pattern): opts for (pattern,opts) in resources}
+ LOG.debug("Configuring CORS with resources: %s", resources_human)
+
+ cors_after_request = make_after_request_function(resources)
+ app.after_request(cors_after_request)
+
+ # Wrap exception handlers with cross_origin
+ # These error handlers will still respect the behavior of the route
+ if options.get('intercept_exceptions', True):
+ def _after_request_decorator(f):
+ def wrapped_function(*args, **kwargs):
+ return cors_after_request(app.make_response(f(*args, **kwargs)))
+ return wrapped_function
+
+ if hasattr(app, 'handle_exception'):
+ app.handle_exception = _after_request_decorator(
+ app.handle_exception)
+ app.handle_user_exception = _after_request_decorator(
+ app.handle_user_exception)
+
+def make_after_request_function(resources):
+ def cors_after_request(resp):
+ # If CORS headers are set in a view decorator, pass
+ if resp.headers is not None and resp.headers.get(ACL_ORIGIN):
+ LOG.debug('CORS have been already evaluated, skipping')
+ return resp
+ normalized_path = unquote_plus(request.path)
+ for res_regex, res_options in resources:
+ if try_match(normalized_path, res_regex):
+ LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+ request.path, get_regexp_pattern(res_regex), res_options)
+ set_cors_headers(resp, res_options)
+ break
+ else:
+ LOG.debug('No CORS rule matches')
+ return resp
+ return cors_after_request
diff --git a/contrib/python/Flask-Cors/py2/flask_cors/version.py b/contrib/python/Flask-Cors/py2/flask_cors/version.py
new file mode 100644
index 0000000000..2bbea71d52
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/flask_cors/version.py
@@ -0,0 +1 @@
+__version__ = '3.0.10'
diff --git a/contrib/python/Flask-Cors/py2/ya.make b/contrib/python/Flask-Cors/py2/ya.make
new file mode 100644
index 0000000000..08275da1c8
--- /dev/null
+++ b/contrib/python/Flask-Cors/py2/ya.make
@@ -0,0 +1,31 @@
+# Generated by devtools/yamaker (pypi).
+
+PY2_LIBRARY()
+
+VERSION(3.0.10)
+
+LICENSE(MIT)
+
+PEERDIR(
+ contrib/python/Flask
+ contrib/python/six
+)
+
+NO_LINT()
+
+PY_SRCS(
+ TOP_LEVEL
+ flask_cors/__init__.py
+ flask_cors/core.py
+ flask_cors/decorator.py
+ flask_cors/extension.py
+ flask_cors/version.py
+)
+
+RESOURCE_FILES(
+ PREFIX contrib/python/Flask-Cors/py2/
+ .dist-info/METADATA
+ .dist-info/top_level.txt
+)
+
+END()
diff --git a/contrib/python/Flask-Cors/py3/.dist-info/METADATA b/contrib/python/Flask-Cors/py3/.dist-info/METADATA
new file mode 100644
index 0000000000..bd0c55a2b8
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/.dist-info/METADATA
@@ -0,0 +1,147 @@
+Metadata-Version: 2.1
+Name: Flask-Cors
+Version: 4.0.0
+Summary: A Flask extension adding a decorator for CORS support
+Home-page: https://github.com/corydolphin/flask-cors
+Author: Cory Dolphin
+Author-email: corydolphin@gmail.com
+License: MIT
+Platform: any
+Classifier: Environment :: Web Environment
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
+Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+License-File: LICENSE
+Requires-Dist: Flask (>=0.9)
+
+Flask-CORS
+==========
+
+|Build Status| |Latest Version| |Supported Python versions|
+|License|
+
+A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
+
+This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
+This means no mucking around with different allowed headers, methods, etc.
+
+By default, submission of cookies across domains is disabled due to the security implications.
+Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
+
+Installation
+------------
+
+Install the extension with using pip, or easy\_install.
+
+.. code:: bash
+
+ $ pip install -U flask-cors
+
+Usage
+-----
+
+This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
+It allows parameterization of all CORS headers on a per-resource level.
+The package also contains a decorator, for those who prefer this approach.
+
+Simple Usage
+~~~~~~~~~~~~
+
+In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+
+ from flask import Flask
+ from flask_cors import CORS
+
+ app = Flask(__name__)
+ CORS(app)
+
+ @app.route("/")
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Resource specific CORS
+^^^^^^^^^^^^^^^^^^^^^^
+
+Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+ app = Flask(__name__)
+ cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+
+ @app.route("/api/v1/users")
+ def list_users():
+ return "user example"
+
+Route specific CORS via decorator
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This extension also exposes a simple decorator to decorate flask routes with.
+Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
+See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
+
+.. code:: python
+
+ @app.route("/")
+ @cross_origin()
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Documentation
+-------------
+
+For a full list of options, please see the full `documentation <https://flask-cors.corydolphin.com/en/latest/api.html>`__
+
+Troubleshooting
+---------------
+
+If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.
+
+.. code:: python
+
+ logging.getLogger('flask_cors').level = logging.DEBUG
+
+
+Tests
+-----
+
+A simple set of tests is included in ``test/``.
+To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
+
+If nosetests does not work for you, due to it no longer working with newer python versions.
+You can use pytest to run the tests instead.
+
+Contributing
+------------
+
+Questions, comments or improvements?
+Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
+I do my best to include every contribution proposed in any way that I can.
+
+Credits
+-------
+
+This Flask extension is based upon the `Decorator for the HTTP Access Control <https://web.archive.org/web/20190128010149/http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
+
+.. |Build Status| image:: https://api.travis-ci.org/corydolphin/flask-cors.svg?branch=master
+ :target: https://travis-ci.org/corydolphin/flask-cors
+.. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
+.. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+ :target: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+.. |License| image:: http://img.shields.io/:license-mit-blue.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
diff --git a/contrib/python/Flask-Cors/py3/.dist-info/top_level.txt b/contrib/python/Flask-Cors/py3/.dist-info/top_level.txt
new file mode 100644
index 0000000000..27af98818d
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/.dist-info/top_level.txt
@@ -0,0 +1 @@
+flask_cors
diff --git a/contrib/python/Flask-Cors/py3/LICENSE b/contrib/python/Flask-Cors/py3/LICENSE
new file mode 100644
index 0000000000..46d932f8d8
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/LICENSE
@@ -0,0 +1,7 @@
+Copyright (C) 2016 Cory Dolphin, Olin College
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file
diff --git a/contrib/python/Flask-Cors/py3/README.rst b/contrib/python/Flask-Cors/py3/README.rst
new file mode 100644
index 0000000000..f90ac6ca48
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/README.rst
@@ -0,0 +1,122 @@
+Flask-CORS
+==========
+
+|Build Status| |Latest Version| |Supported Python versions|
+|License|
+
+A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
+
+This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
+This means no mucking around with different allowed headers, methods, etc.
+
+By default, submission of cookies across domains is disabled due to the security implications.
+Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
+
+Installation
+------------
+
+Install the extension with using pip, or easy\_install.
+
+.. code:: bash
+
+ $ pip install -U flask-cors
+
+Usage
+-----
+
+This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
+It allows parameterization of all CORS headers on a per-resource level.
+The package also contains a decorator, for those who prefer this approach.
+
+Simple Usage
+~~~~~~~~~~~~
+
+In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+
+ from flask import Flask
+ from flask_cors import CORS
+
+ app = Flask(__name__)
+ CORS(app)
+
+ @app.route("/")
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Resource specific CORS
+^^^^^^^^^^^^^^^^^^^^^^
+
+Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
+See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
+
+.. code:: python
+
+ app = Flask(__name__)
+ cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
+
+ @app.route("/api/v1/users")
+ def list_users():
+ return "user example"
+
+Route specific CORS via decorator
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This extension also exposes a simple decorator to decorate flask routes with.
+Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
+See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
+
+.. code:: python
+
+ @app.route("/")
+ @cross_origin()
+ def helloWorld():
+ return "Hello, cross-origin-world!"
+
+Documentation
+-------------
+
+For a full list of options, please see the full `documentation <https://flask-cors.corydolphin.com/en/latest/api.html>`__
+
+Troubleshooting
+---------------
+
+If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.
+
+.. code:: python
+
+ logging.getLogger('flask_cors').level = logging.DEBUG
+
+
+Tests
+-----
+
+A simple set of tests is included in ``test/``.
+To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
+
+If nosetests does not work for you, due to it no longer working with newer python versions.
+You can use pytest to run the tests instead.
+
+Contributing
+------------
+
+Questions, comments or improvements?
+Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
+I do my best to include every contribution proposed in any way that I can.
+
+Credits
+-------
+
+This Flask extension is based upon the `Decorator for the HTTP Access Control <https://web.archive.org/web/20190128010149/http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
+
+.. |Build Status| image:: https://api.travis-ci.org/corydolphin/flask-cors.svg?branch=master
+ :target: https://travis-ci.org/corydolphin/flask-cors
+.. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
+.. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+ :target: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
+.. |License| image:: http://img.shields.io/:license-mit-blue.svg
+ :target: https://pypi.python.org/pypi/Flask-Cors/
diff --git a/contrib/python/Flask-Cors/py3/flask_cors/__init__.py b/contrib/python/Flask-Cors/py3/flask_cors/__init__.py
new file mode 100644
index 0000000000..458150efbb
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/flask_cors/__init__.py
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+"""
+ flask_cors
+ ~~~~
+ Flask-CORS is a simple extension to Flask allowing you to support cross
+ origin resource sharing (CORS) using a simple decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+from .decorator import cross_origin
+from .extension import CORS
+from .version import __version__
+
+__all__ = ['CORS', 'cross_origin']
+
+# Set default logging handler to avoid "No handler found" warnings.
+import logging
+from logging import NullHandler
+
+# Set initial level to WARN. Users must manually enable logging for
+# flask_cors to see our logging.
+rootlogger = logging.getLogger(__name__)
+rootlogger.addHandler(NullHandler())
+
+if rootlogger.level == logging.NOTSET:
+ rootlogger.setLevel(logging.WARN)
diff --git a/contrib/python/Flask-Cors/py3/flask_cors/core.py b/contrib/python/Flask-Cors/py3/flask_cors/core.py
new file mode 100644
index 0000000000..5358036c21
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/flask_cors/core.py
@@ -0,0 +1,382 @@
+# -*- coding: utf-8 -*-
+"""
+ core
+ ~~~~
+ Core functionality shared between the extension and the decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+import re
+import logging
+from collections.abc import Iterable
+from datetime import timedelta
+from flask import request, current_app
+from werkzeug.datastructures import Headers, MultiDict
+
+LOG = logging.getLogger(__name__)
+
+# Response Headers
+ACL_ORIGIN = 'Access-Control-Allow-Origin'
+ACL_METHODS = 'Access-Control-Allow-Methods'
+ACL_ALLOW_HEADERS = 'Access-Control-Allow-Headers'
+ACL_EXPOSE_HEADERS = 'Access-Control-Expose-Headers'
+ACL_CREDENTIALS = 'Access-Control-Allow-Credentials'
+ACL_MAX_AGE = 'Access-Control-Max-Age'
+ACL_RESPONSE_PRIVATE_NETWORK = 'Access-Control-Allow-Private-Network'
+
+# Request Header
+ACL_REQUEST_METHOD = 'Access-Control-Request-Method'
+ACL_REQUEST_HEADERS = 'Access-Control-Request-Headers'
+ACL_REQUEST_HEADER_PRIVATE_NETWORK = 'Access-Control-Request-Private-Network'
+
+ALL_METHODS = ['GET', 'HEAD', 'POST', 'OPTIONS', 'PUT', 'PATCH', 'DELETE']
+CONFIG_OPTIONS = ['CORS_ORIGINS', 'CORS_METHODS', 'CORS_ALLOW_HEADERS',
+ 'CORS_EXPOSE_HEADERS', 'CORS_SUPPORTS_CREDENTIALS',
+ 'CORS_MAX_AGE', 'CORS_SEND_WILDCARD',
+ 'CORS_AUTOMATIC_OPTIONS', 'CORS_VARY_HEADER',
+ 'CORS_RESOURCES', 'CORS_INTERCEPT_EXCEPTIONS',
+ 'CORS_ALWAYS_SEND']
+# Attribute added to request object by decorator to indicate that CORS
+# was evaluated, in case the decorator and extension are both applied
+# to a view.
+FLASK_CORS_EVALUATED = '_FLASK_CORS_EVALUATED'
+
+# Strange, but this gets the type of a compiled regex, which is otherwise not
+# exposed in a public API.
+RegexObject = type(re.compile(''))
+DEFAULT_OPTIONS = dict(origins='*',
+ methods=ALL_METHODS,
+ allow_headers='*',
+ expose_headers=None,
+ supports_credentials=False,
+ max_age=None,
+ send_wildcard=False,
+ automatic_options=True,
+ vary_header=True,
+ resources=r'/*',
+ intercept_exceptions=True,
+ always_send=True)
+
+
+def parse_resources(resources):
+ if isinstance(resources, dict):
+ # To make the API more consistent with the decorator, allow a
+ # resource of '*', which is not actually a valid regexp.
+ resources = [(re_fix(k), v) for k, v in resources.items()]
+
+ # Sort by regex length to provide consistency of matching and
+ # to provide a proxy for specificity of match. E.G. longer
+ # regular expressions are tried first.
+ def pattern_length(pair):
+ maybe_regex, _ = pair
+ return len(get_regexp_pattern(maybe_regex))
+
+ return sorted(resources,
+ key=pattern_length,
+ reverse=True)
+
+ elif isinstance(resources, str):
+ return [(re_fix(resources), {})]
+
+ elif isinstance(resources, Iterable):
+ return [(re_fix(r), {}) for r in resources]
+
+ # Type of compiled regex is not part of the public API. Test for this
+ # at runtime.
+ elif isinstance(resources, RegexObject):
+ return [(re_fix(resources), {})]
+
+ else:
+ raise ValueError("Unexpected value for resources argument.")
+
+
+def get_regexp_pattern(regexp):
+ """
+ Helper that returns regexp pattern from given value.
+
+ :param regexp: regular expression to stringify
+ :type regexp: _sre.SRE_Pattern or str
+ :returns: string representation of given regexp pattern
+ :rtype: str
+ """
+ try:
+ return regexp.pattern
+ except AttributeError:
+ return str(regexp)
+
+
+def get_cors_origins(options, request_origin):
+ origins = options.get('origins')
+ wildcard = r'.*' in origins
+
+ # If the Origin header is not present terminate this set of steps.
+ # The request is outside the scope of this specification.-- W3Spec
+ if request_origin:
+ LOG.debug("CORS request received with 'Origin' %s", request_origin)
+
+ # If the allowed origins is an asterisk or 'wildcard', always match
+ if wildcard and options.get('send_wildcard'):
+ LOG.debug("Allowed origins are set to '*'. Sending wildcard CORS header.")
+ return ['*']
+ # If the value of the Origin header is a case-sensitive match
+ # for any of the values in list of origins
+ elif try_match_any(request_origin, origins):
+ LOG.debug("The request's Origin header matches. Sending CORS headers.", )
+ # Add a single Access-Control-Allow-Origin header, with either
+ # the value of the Origin header or the string "*" as value.
+ # -- W3Spec
+ return [request_origin]
+ else:
+ LOG.debug("The request's Origin header does not match any of allowed origins.")
+ return None
+
+
+ elif options.get('always_send'):
+ if wildcard:
+ # If wildcard is in the origins, even if 'send_wildcard' is False,
+ # simply send the wildcard. Unless supports_credentials is True,
+ # since that is forbidded by the spec..
+ # It is the most-likely to be correct thing to do (the only other
+ # option is to return nothing, which almost certainly not what
+ # the developer wants if the '*' origin was specified.
+ if options.get('supports_credentials'):
+ return None
+ else:
+ return ['*']
+ else:
+ # Return all origins that are not regexes.
+ return sorted([o for o in origins if not probably_regex(o)])
+
+ # Terminate these steps, return the original request untouched.
+ else:
+ LOG.debug("The request did not contain an 'Origin' header. This means the browser or client did not request CORS, ensure the Origin Header is set.")
+ return None
+
+
+def get_allow_headers(options, acl_request_headers):
+ if acl_request_headers:
+ request_headers = [h.strip() for h in acl_request_headers.split(',')]
+
+ # any header that matches in the allow_headers
+ matching_headers = filter(
+ lambda h: try_match_any(h, options.get('allow_headers')),
+ request_headers
+ )
+
+ return ', '.join(sorted(matching_headers))
+
+ return None
+
+
+def get_cors_headers(options, request_headers, request_method):
+ origins_to_set = get_cors_origins(options, request_headers.get('Origin'))
+ headers = MultiDict()
+
+ if not origins_to_set: # CORS is not enabled for this route
+ return headers
+
+ for origin in origins_to_set:
+ headers.add(ACL_ORIGIN, origin)
+
+ headers[ACL_EXPOSE_HEADERS] = options.get('expose_headers')
+
+ if options.get('supports_credentials'):
+ headers[ACL_CREDENTIALS] = 'true' # case sensitive
+
+ if ACL_REQUEST_HEADER_PRIVATE_NETWORK in request_headers \
+ and request_headers.get(ACL_REQUEST_HEADER_PRIVATE_NETWORK) == 'true':
+ headers[ACL_RESPONSE_PRIVATE_NETWORK] = 'true'
+
+ # This is a preflight request
+ # http://www.w3.org/TR/cors/#resource-preflight-requests
+ if request_method == 'OPTIONS':
+ acl_request_method = request_headers.get(ACL_REQUEST_METHOD, '').upper()
+
+ # If there is no Access-Control-Request-Method header or if parsing
+ # failed, do not set any additional headers
+ if acl_request_method and acl_request_method in options.get('methods'):
+
+ # If method is not a case-sensitive match for any of the values in
+ # list of methods do not set any additional headers and terminate
+ # this set of steps.
+ headers[ACL_ALLOW_HEADERS] = get_allow_headers(options, request_headers.get(ACL_REQUEST_HEADERS))
+ headers[ACL_MAX_AGE] = options.get('max_age')
+ headers[ACL_METHODS] = options.get('methods')
+ else:
+ LOG.info("The request's Access-Control-Request-Method header does not match allowed methods. CORS headers will not be applied.")
+
+ # http://www.w3.org/TR/cors/#resource-implementation
+ if options.get('vary_header'):
+ # Only set header if the origin returned will vary dynamically,
+ # i.e. if we are not returning an asterisk, and there are multiple
+ # origins that can be matched.
+ if headers[ACL_ORIGIN] == '*':
+ pass
+ elif (len(options.get('origins')) > 1 or
+ len(origins_to_set) > 1 or
+ any(map(probably_regex, options.get('origins')))):
+ headers.add('Vary', 'Origin')
+
+ return MultiDict((k, v) for k, v in headers.items() if v)
+
+
+def set_cors_headers(resp, options):
+ """
+ Performs the actual evaluation of Flask-CORS options and actually
+ modifies the response object.
+
+ This function is used both in the decorator and the after_request
+ callback
+ """
+
+ # If CORS has already been evaluated via the decorator, skip
+ if hasattr(resp, FLASK_CORS_EVALUATED):
+ LOG.debug('CORS have been already evaluated, skipping')
+ return resp
+
+ # Some libraries, like OAuthlib, set resp.headers to non Multidict
+ # objects (Werkzeug Headers work as well). This is a problem because
+ # headers allow repeated values.
+ if (not isinstance(resp.headers, Headers)
+ and not isinstance(resp.headers, MultiDict)):
+ resp.headers = MultiDict(resp.headers)
+
+ headers_to_set = get_cors_headers(options, request.headers, request.method)
+
+ LOG.debug('Settings CORS headers: %s', str(headers_to_set))
+
+ for k, v in headers_to_set.items():
+ resp.headers.add(k, v)
+
+ return resp
+
+def probably_regex(maybe_regex):
+ if isinstance(maybe_regex, RegexObject):
+ return True
+ else:
+ common_regex_chars = ['*', '\\', ']', '?', '$', '^', '[', ']', '(', ')']
+ # Use common characters used in regular expressions as a proxy
+ # for if this string is in fact a regex.
+ return any((c in maybe_regex for c in common_regex_chars))
+
+def re_fix(reg):
+ """
+ Replace the invalid regex r'*' with the valid, wildcard regex r'/.*' to
+ enable the CORS app extension to have a more user friendly api.
+ """
+ return r'.*' if reg == r'*' else reg
+
+
+def try_match_any(inst, patterns):
+ return any(try_match(inst, pattern) for pattern in patterns)
+
+
+def try_match(request_origin, maybe_regex):
+ """Safely attempts to match a pattern or string to a request origin."""
+ if isinstance(maybe_regex, RegexObject):
+ return re.match(maybe_regex, request_origin)
+ elif probably_regex(maybe_regex):
+ return re.match(maybe_regex, request_origin, flags=re.IGNORECASE)
+ else:
+ try:
+ return request_origin.lower() == maybe_regex.lower()
+ except AttributeError:
+ return request_origin == maybe_regex
+
+
+def get_cors_options(appInstance, *dicts):
+ """
+ Compute CORS options for an application by combining the DEFAULT_OPTIONS,
+ the app's configuration-specified options and any dictionaries passed. The
+ last specified option wins.
+ """
+ options = DEFAULT_OPTIONS.copy()
+ options.update(get_app_kwarg_dict(appInstance))
+ if dicts:
+ for d in dicts:
+ options.update(d)
+
+ return serialize_options(options)
+
+
+def get_app_kwarg_dict(appInstance=None):
+ """Returns the dictionary of CORS specific app configurations."""
+ app = (appInstance or current_app)
+
+ # In order to support blueprints which do not have a config attribute
+ app_config = getattr(app, 'config', {})
+
+ return {
+ k.lower().replace('cors_', ''): app_config.get(k)
+ for k in CONFIG_OPTIONS
+ if app_config.get(k) is not None
+ }
+
+
+def flexible_str(obj):
+ """
+ A more flexible str function which intelligently handles stringifying
+ strings, lists and other iterables. The results are lexographically sorted
+ to ensure generated responses are consistent when iterables such as Set
+ are used.
+ """
+ if obj is None:
+ return None
+ elif not isinstance(obj, str) and isinstance(obj, Iterable):
+ return ", ".join(str(item) for item in sorted(obj))
+ else:
+ return str(obj)
+
+
+def serialize_option(options_dict, key, upper=False):
+ if key in options_dict:
+ value = flexible_str(options_dict[key])
+ options_dict[key] = value.upper() if upper else value
+
+
+def ensure_iterable(inst):
+ """
+ Wraps scalars or string types as a list, or returns the iterable instance.
+ """
+ if isinstance(inst, str):
+ return [inst]
+ elif not isinstance(inst, Iterable):
+ return [inst]
+ else:
+ return inst
+
+def sanitize_regex_param(param):
+ return [re_fix(x) for x in ensure_iterable(param)]
+
+
+def serialize_options(opts):
+ """
+ A helper method to serialize and processes the options dictionary.
+ """
+ options = (opts or {}).copy()
+
+ for key in opts.keys():
+ if key not in DEFAULT_OPTIONS:
+ LOG.warning("Unknown option passed to Flask-CORS: %s", key)
+
+ # Ensure origins is a list of allowed origins with at least one entry.
+ options['origins'] = sanitize_regex_param(options.get('origins'))
+ options['allow_headers'] = sanitize_regex_param(options.get('allow_headers'))
+
+ # This is expressly forbidden by the spec. Raise a value error so people
+ # don't get burned in production.
+ if r'.*' in options['origins'] and options['supports_credentials'] and options['send_wildcard']:
+ raise ValueError("Cannot use supports_credentials in conjunction with"
+ "an origin string of '*'. See: "
+ "http://www.w3.org/TR/cors/#resource-requests")
+
+
+
+ serialize_option(options, 'expose_headers')
+ serialize_option(options, 'methods', upper=True)
+
+ if isinstance(options.get('max_age'), timedelta):
+ options['max_age'] = str(int(options['max_age'].total_seconds()))
+
+ return options
diff --git a/contrib/python/Flask-Cors/py3/flask_cors/decorator.py b/contrib/python/Flask-Cors/py3/flask_cors/decorator.py
new file mode 100644
index 0000000000..b61d22f802
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/flask_cors/decorator.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+"""
+ decorator
+ ~~~~
+ This unit exposes a single decorator which should be used to wrap a
+ Flask route with. It accepts all parameters and options as
+ the CORS extension.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+import logging
+from functools import update_wrapper
+from flask import make_response, request, current_app
+
+from .core import get_cors_options, set_cors_headers, FLASK_CORS_EVALUATED
+
+LOG = logging.getLogger(__name__)
+
+def cross_origin(*args, **kwargs):
+ """
+ This function is the decorator which is used to wrap a Flask route with.
+ In the simplest case, simply use the default parameters to allow all
+ origins in what is the most permissive configuration. If this method
+ modifies state or performs authentication which may be brute-forced, you
+ should add some degree of protection, such as Cross Site Request Forgery
+ protection.
+
+ :param origins:
+ The origin, or list of origins to allow requests from.
+ The origin(s) may be regular expressions, case-sensitive strings,
+ or else an asterisk
+
+ Default : '*'
+ :type origins: list, string or regex
+
+ :param methods:
+ The method or list of methods which the allowed origins are allowed to
+ access for non-simple requests.
+
+ Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
+ :type methods: list or string
+
+ :param expose_headers:
+ The header or list which are safe to expose to the API of a CORS API
+ specification.
+
+ Default : None
+ :type expose_headers: list or string
+
+ :param allow_headers:
+ The header or list of header field names which can be used when this
+ resource is accessed by allowed origins. The header(s) may be regular
+ expressions, case-sensitive strings, or else an asterisk.
+
+ Default : '*', allow all headers
+ :type allow_headers: list, string or regex
+
+ :param supports_credentials:
+ Allows users to make authenticated requests. If true, injects the
+ `Access-Control-Allow-Credentials` header in responses. This allows
+ cookies and credentials to be submitted across domains.
+
+ :note: This option cannot be used in conjunction with a '*' origin
+
+ Default : False
+ :type supports_credentials: bool
+
+ :param max_age:
+ The maximum time for which this CORS request maybe cached. This value
+ is set as the `Access-Control-Max-Age` header.
+
+ Default : None
+ :type max_age: timedelta, integer, string or None
+
+ :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
+ `Access-Control-Allow-Origin` header is sent, rather than the
+ request's `Origin` header.
+
+ Default : False
+ :type send_wildcard: bool
+
+ :param vary_header:
+ If True, the header Vary: Origin will be returned as per the W3
+ implementation guidelines.
+
+ Setting this header when the `Access-Control-Allow-Origin` is
+ dynamically generated (e.g. when there is more than one allowed
+ origin, and an Origin than '*' is returned) informs CDNs and other
+ caches that the CORS headers are dynamic, and cannot be cached.
+
+ If False, the Vary header will never be injected or altered.
+
+ Default : True
+ :type vary_header: bool
+
+ :param automatic_options:
+ Only applies to the `cross_origin` decorator. If True, Flask-CORS will
+ override Flask's default OPTIONS handling to return CORS headers for
+ OPTIONS requests.
+
+ Default : True
+ :type automatic_options: bool
+
+ """
+ _options = kwargs
+
+ def decorator(f):
+ LOG.debug("Enabling %s for cross_origin using options:%s", f, _options)
+
+ # If True, intercept OPTIONS requests by modifying the view function,
+ # replicating Flask's default behavior, and wrapping the response with
+ # CORS headers.
+ #
+ # If f.provide_automatic_options is unset or True, Flask's route
+ # decorator (which is actually wraps the function object we return)
+ # intercepts OPTIONS handling, and requests will not have CORS headers
+ if _options.get('automatic_options', True):
+ f.required_methods = getattr(f, 'required_methods', set())
+ f.required_methods.add('OPTIONS')
+ f.provide_automatic_options = False
+
+ def wrapped_function(*args, **kwargs):
+ # Handle setting of Flask-Cors parameters
+ options = get_cors_options(current_app, _options)
+
+ if options.get('automatic_options') and request.method == 'OPTIONS':
+ resp = current_app.make_default_options_response()
+ else:
+ resp = make_response(f(*args, **kwargs))
+
+ set_cors_headers(resp, options)
+ setattr(resp, FLASK_CORS_EVALUATED, True)
+ return resp
+
+ return update_wrapper(wrapped_function, f)
+ return decorator
diff --git a/contrib/python/Flask-Cors/py3/flask_cors/extension.py b/contrib/python/Flask-Cors/py3/flask_cors/extension.py
new file mode 100644
index 0000000000..c00cbfff9a
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/flask_cors/extension.py
@@ -0,0 +1,201 @@
+# -*- coding: utf-8 -*-
+"""
+ extension
+ ~~~~
+ Flask-CORS is a simple extension to Flask allowing you to support cross
+ origin resource sharing (CORS) using a simple decorator.
+
+ :copyright: (c) 2016 by Cory Dolphin.
+ :license: MIT, see LICENSE for more details.
+"""
+import logging
+from urllib.parse import unquote_plus
+from flask import request
+
+from .core import (
+ parse_resources,
+ get_cors_options,
+ get_regexp_pattern,
+ ACL_ORIGIN,
+ try_match,
+ set_cors_headers
+)
+
+
+LOG = logging.getLogger(__name__)
+
+class CORS(object):
+ """
+ Initializes Cross Origin Resource sharing for the application. The
+ arguments are identical to :py:func:`cross_origin`, with the addition of a
+ `resources` parameter. The resources parameter defines a series of regular
+ expressions for resource paths to match and optionally, the associated
+ options to be applied to the particular resource. These options are
+ identical to the arguments to :py:func:`cross_origin`.
+
+ The settings for CORS are determined in the following order
+
+ 1. Resource level settings (e.g when passed as a dictionary)
+ 2. Keyword argument settings
+ 3. App level configuration settings (e.g. CORS_*)
+ 4. Default settings
+
+ Note: as it is possible for multiple regular expressions to match a
+ resource path, the regular expressions are first sorted by length,
+ from longest to shortest, in order to attempt to match the most
+ specific regular expression. This allows the definition of a
+ number of specific resource options, with a wildcard fallback
+ for all other resources.
+
+ :param resources:
+ The series of regular expression and (optionally) associated CORS
+ options to be applied to the given resource path.
+
+ If the argument is a dictionary, it's keys must be regular expressions,
+ and the values must be a dictionary of kwargs, identical to the kwargs
+ of this function.
+
+ If the argument is a list, it is expected to be a list of regular
+ expressions, for which the app-wide configured options are applied.
+
+ If the argument is a string, it is expected to be a regular expression
+ for which the app-wide configured options are applied.
+
+ Default : Match all and apply app-level configuration
+
+ :type resources: dict, iterable or string
+
+ :param origins:
+ The origin, or list of origins to allow requests from.
+ The origin(s) may be regular expressions, case-sensitive strings,
+ or else an asterisk.
+
+ :note: origins must include the schema and the port (if not port 80),
+ e.g.,
+ `CORS(app, origins=["http://localhost:8000", "https://example.com"])`.
+
+ Default : '*'
+ :type origins: list, string or regex
+
+ :param methods:
+ The method or list of methods which the allowed origins are allowed to
+ access for non-simple requests.
+
+ Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
+ :type methods: list or string
+
+ :param expose_headers:
+ The header or list which are safe to expose to the API of a CORS API
+ specification.
+
+ Default : None
+ :type expose_headers: list or string
+
+ :param allow_headers:
+ The header or list of header field names which can be used when this
+ resource is accessed by allowed origins. The header(s) may be regular
+ expressions, case-sensitive strings, or else an asterisk.
+
+ Default : '*', allow all headers
+ :type allow_headers: list, string or regex
+
+ :param supports_credentials:
+ Allows users to make authenticated requests. If true, injects the
+ `Access-Control-Allow-Credentials` header in responses. This allows
+ cookies and credentials to be submitted across domains.
+
+ :note: This option cannot be used in conjunction with a '*' origin
+
+ Default : False
+ :type supports_credentials: bool
+
+ :param max_age:
+ The maximum time for which this CORS request maybe cached. This value
+ is set as the `Access-Control-Max-Age` header.
+
+ Default : None
+ :type max_age: timedelta, integer, string or None
+
+ :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
+ `Access-Control-Allow-Origin` header is sent, rather than the
+ request's `Origin` header.
+
+ Default : False
+ :type send_wildcard: bool
+
+ :param vary_header:
+ If True, the header Vary: Origin will be returned as per the W3
+ implementation guidelines.
+
+ Setting this header when the `Access-Control-Allow-Origin` is
+ dynamically generated (e.g. when there is more than one allowed
+ origin, and an Origin than '*' is returned) informs CDNs and other
+ caches that the CORS headers are dynamic, and cannot be cached.
+
+ If False, the Vary header will never be injected or altered.
+
+ Default : True
+ :type vary_header: bool
+ """
+
+ def __init__(self, app=None, **kwargs):
+ self._options = kwargs
+ if app is not None:
+ self.init_app(app, **kwargs)
+
+ def init_app(self, app, **kwargs):
+ # The resources and options may be specified in the App Config, the CORS constructor
+ # or the kwargs to the call to init_app.
+ options = get_cors_options(app, self._options, kwargs)
+
+ # Flatten our resources into a list of the form
+ # (pattern_or_regexp, dictionary_of_options)
+ resources = parse_resources(options.get('resources'))
+
+ # Compute the options for each resource by combining the options from
+ # the app's configuration, the constructor, the kwargs to init_app, and
+ # finally the options specified in the resources dictionary.
+ resources = [
+ (pattern, get_cors_options(app, options, opts))
+ for (pattern, opts) in resources
+ ]
+
+ # Create a human-readable form of these resources by converting the compiled
+ # regular expressions into strings.
+ resources_human = {get_regexp_pattern(pattern): opts for (pattern,opts) in resources}
+ LOG.debug("Configuring CORS with resources: %s", resources_human)
+
+ cors_after_request = make_after_request_function(resources)
+ app.after_request(cors_after_request)
+
+ # Wrap exception handlers with cross_origin
+ # These error handlers will still respect the behavior of the route
+ if options.get('intercept_exceptions', True):
+ def _after_request_decorator(f):
+ def wrapped_function(*args, **kwargs):
+ return cors_after_request(app.make_response(f(*args, **kwargs)))
+ return wrapped_function
+
+ if hasattr(app, 'handle_exception'):
+ app.handle_exception = _after_request_decorator(
+ app.handle_exception)
+ app.handle_user_exception = _after_request_decorator(
+ app.handle_user_exception)
+
+def make_after_request_function(resources):
+ def cors_after_request(resp):
+ # If CORS headers are set in a view decorator, pass
+ if resp.headers is not None and resp.headers.get(ACL_ORIGIN):
+ LOG.debug('CORS have been already evaluated, skipping')
+ return resp
+ normalized_path = unquote_plus(request.path)
+ for res_regex, res_options in resources:
+ if try_match(normalized_path, res_regex):
+ LOG.debug("Request to '%s' matches CORS resource '%s'. Using options: %s",
+ request.path, get_regexp_pattern(res_regex), res_options)
+ set_cors_headers(resp, res_options)
+ break
+ else:
+ LOG.debug('No CORS rule matches')
+ return resp
+ return cors_after_request
diff --git a/contrib/python/Flask-Cors/py3/flask_cors/version.py b/contrib/python/Flask-Cors/py3/flask_cors/version.py
new file mode 100644
index 0000000000..d6497a814c
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/flask_cors/version.py
@@ -0,0 +1 @@
+__version__ = '4.0.0'
diff --git a/contrib/python/Flask-Cors/py3/ya.make b/contrib/python/Flask-Cors/py3/ya.make
new file mode 100644
index 0000000000..c179084ec3
--- /dev/null
+++ b/contrib/python/Flask-Cors/py3/ya.make
@@ -0,0 +1,30 @@
+# Generated by devtools/yamaker (pypi).
+
+PY3_LIBRARY()
+
+VERSION(4.0.0)
+
+LICENSE(MIT)
+
+PEERDIR(
+ contrib/python/Flask
+)
+
+NO_LINT()
+
+PY_SRCS(
+ TOP_LEVEL
+ flask_cors/__init__.py
+ flask_cors/core.py
+ flask_cors/decorator.py
+ flask_cors/extension.py
+ flask_cors/version.py
+)
+
+RESOURCE_FILES(
+ PREFIX contrib/python/Flask-Cors/py3/
+ .dist-info/METADATA
+ .dist-info/top_level.txt
+)
+
+END()
diff --git a/contrib/python/Flask-Cors/ya.make b/contrib/python/Flask-Cors/ya.make
new file mode 100644
index 0000000000..df95cd8633
--- /dev/null
+++ b/contrib/python/Flask-Cors/ya.make
@@ -0,0 +1,18 @@
+PY23_LIBRARY()
+
+LICENSE(Service-Py23-Proxy)
+
+IF (PYTHON2)
+ PEERDIR(contrib/python/Flask-Cors/py2)
+ELSE()
+ PEERDIR(contrib/python/Flask-Cors/py3)
+ENDIF()
+
+NO_LINT()
+
+END()
+
+RECURSE(
+ py2
+ py3
+)
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 13:44:04 +0000