34 from cubicweb import ( |
34 from cubicweb import ( |
35 ValidationError, Unauthorized, Forbidden, |
35 ValidationError, Unauthorized, Forbidden, |
36 AuthenticationError, NoSelectableObject, |
36 AuthenticationError, NoSelectableObject, |
37 BadConnectionId, CW_EVENT_MANAGER) |
37 BadConnectionId, CW_EVENT_MANAGER) |
38 from cubicweb.repoapi import anonymous_cnx |
38 from cubicweb.repoapi import anonymous_cnx |
39 from cubicweb.web import LOGGER, component |
39 from cubicweb.web import LOGGER, component, cors |
40 from cubicweb.web import ( |
40 from cubicweb.web import ( |
41 StatusResponse, DirectResponse, Redirect, NotFound, LogOut, |
41 StatusResponse, DirectResponse, Redirect, NotFound, LogOut, |
42 RemoteCallFailed, InvalidSession, RequestError, PublishException) |
42 RemoteCallFailed, InvalidSession, RequestError, PublishException) |
43 |
43 |
44 from cubicweb.web.request import CubicWebRequestBase |
44 from cubicweb.web.request import CubicWebRequestBase |
413 # XXX ensure we don't actually serve content |
413 # XXX ensure we don't actually serve content |
414 if not content: |
414 if not content: |
415 content = self.need_login_content(req) |
415 content = self.need_login_content(req) |
416 return content |
416 return content |
417 |
417 |
|
418 |
418 def core_handle(self, req, path): |
419 def core_handle(self, req, path): |
419 """method called by the main publisher to process <path> |
420 """method called by the main publisher to process <path> |
420 |
421 |
421 should return a string containing the resulting page or raise a |
422 should return a string containing the resulting page or raise a |
422 `NotFound` exception |
423 `NotFound` exception |
438 tstart = clock() |
439 tstart = clock() |
439 commited = False |
440 commited = False |
440 try: |
441 try: |
441 ### standard processing of the request |
442 ### standard processing of the request |
442 try: |
443 try: |
|
444 # apply CORS sanity checks |
|
445 cors.process_request(req, self.vreg.config) |
443 ctrlid, rset = self.url_resolver.process(req, path) |
446 ctrlid, rset = self.url_resolver.process(req, path) |
444 try: |
447 try: |
445 controller = self.vreg['controllers'].select(ctrlid, req, |
448 controller = self.vreg['controllers'].select(ctrlid, req, |
446 appli=self) |
449 appli=self) |
447 except NoSelectableObject: |
450 except NoSelectableObject: |
448 raise Unauthorized(req._('not authorized')) |
451 raise Unauthorized(req._('not authorized')) |
449 req.update_search_state() |
452 req.update_search_state() |
450 result = controller.publish(rset=rset) |
453 result = controller.publish(rset=rset) |
|
454 except cors.CORSPreflight: |
|
455 # Return directly an empty 200 |
|
456 req.status_out = 200 |
|
457 result = '' |
451 except StatusResponse as ex: |
458 except StatusResponse as ex: |
452 warn('[3.16] StatusResponse is deprecated use req.status_out', |
459 warn('[3.16] StatusResponse is deprecated use req.status_out', |
453 DeprecationWarning, stacklevel=2) |
460 DeprecationWarning, stacklevel=2) |
454 result = ex.content |
461 result = ex.content |
455 req.status_out = ex.status |
462 req.status_out = ex.status |