Datasette plugin for configuring CORS headers, based on asgi-cors.
You can use this plugin to allow JavaScript running on an allowlisted set of domains to make fetch() calls to the JSON API provided by your Datasette instance.
    datasette install datasette-cors
You need to add some plugin configuration for this plugin to take effect.
To allowlist specific domains, use this:
    {
        "plugins": {
            "datasette-cors": {
                "hosts": ["https://www.example.com"]
            }
        }
    }
This affects the access-control-allow-origin header.
You can also allowlist host patterns like this:
    {
        "plugins": {
            "datasette-cors": {
                "host_wildcards": ["https://*.example.com"]
            }
        }
    }
To allow all origins, use:
    {
        "plugins": {
            "datasette-cors": {
                "allow_all": true
            }
        }
    }
This sets the access-control-allow-origin header to *.
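To see which origins an allowlist would admit before deploying it, the following added example (not part of the plugin or its README) models the hosts, host_wildcards and allow_all options described above. It assumes wildcard patterns are matched fnmatch-style against the full Origin value and that a matching origin is echoed back; acao_for, audit and the probe origins are hypothetical names and constructed values.

```python
"""Model of the allowlist decision configured by the "datasette-cors" options.

Assumption: host_wildcards are matched fnmatch-style against the whole
Origin value; this is a stand-alone sketch, not the plugin's own code.
"""
from fnmatch import fnmatchcase


def acao_for(config, origin):
    """Return the access-control-allow-origin value for `origin`, or None."""
    if config.get("allow_all"):
        return "*"
    if origin in config.get("hosts", []):
        return origin
    for pattern in config.get("host_wildcards", []):
        if fnmatchcase(origin, pattern):
            return origin
    return None


def audit(config, probes):
    """Map each probe origin to the header value the config would yield."""
    return {origin: acao_for(config, origin) for origin in probes}


# Constructed sample origins: one intended, the rest should be refused.
PROBES = [
    "https://app.example.com",
    "https://example.com",
    "https://notexample.com",
    "http://app.example.com",
    "https://app.example.com.attacker.test",
]

STRICT = {"hosts": ["https://www.example.com"],
          "host_wildcards": ["https://*.example.com"]}
LOOSE = {"host_wildcards": ["https://*example.com"]}  # missing dot after *

if __name__ == "__main__":
    for name, cfg in (("strict", STRICT), ("loose", LOOSE)):
        print(name)
        for origin, value in audit(cfg, PROBES).items():
            print(f"  {origin:40} -> {value}")
```

Under this model, dropping the dot after the wildcard is enough for the pattern to admit an unrelated registrable domain, so keep the leading "." and the scheme in every host_wildcards entry.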
You can specify allowed headers - with the access-control-allow-headers header - using the headers option:
    {
        "plugins": {
            "datasette-cors": {
                "allow_all": true,
                "headers": ["Authorization", "Content-Type"]
            }
        }
    }
To allow specific HTTP methods with the access-control-allow-methods header, use the methods option:
    {
        "plugins": {
            "datasette-cors": {
                "allow_all": true,
                "methods": ["GET", "POST", "OPTIONS"]
            }
        }
    }
You can set the access-control-max-age header using the max_age option:
    {
        "plugins": {
            "datasette-cors": {
                "allow_all": true,
                "max_age": 3600
            }
        }
    }
To test this plugin out, run it locally by saving one of the above examples as metadata.json and running this:
    datasette -m metadata.json
With Datasette 1.0 use -c config.json instead, or try this:
    datasette -s plugins.datasette-cors.allow_all true
Now visit https://www.example.com/ in your browser, open the browser developer console and paste in the following:
    fetch("http://127.0.0.1:8001/_memory.json?sql=select+sqlite_version%28%29").then(r => r.json()).then(console.log)
If the plugin is working correctly, you will see the JSON response output to the console.
FAQs
Datasette plugin for configuring CORS headers
We found that datasette-cors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.