hTddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z dZ d Zd Zd Zd Zd ZGddeZGddeZy)N)urlparse)http)patch_vary_headers)MiddlewareMixin)conf)check_request_enabledzAccess-Control-Allow-OriginzAccess-Control-Expose-Headersz Access-Control-Allow-CredentialszAccess-Control-Allow-HeaderszAccess-Control-Allow-MethodszAccess-Control-Max-AgeceZdZdZdZdZy)CorsPostCsrfMiddlewarectjr;d|jvr,|jd}||jd<|jd=yyy)zj Put the HTTP_REFERER back to its original value and delete the temporary storage ORIGINAL_HTTP_REFERER HTTP_REFERERN)rCORS_REPLACE_HTTPS_REFERERMETA)selfrequest http_referers Y/var/www/html/ranktracker/api/venv/lib/python3.12/site-packages/corsheaders/middleware.py_https_referer_replace_reversez5CorsPostCsrfMiddleware._https_referer_replace_reversesL  * */F',,/V"<<(?@L+7GLL ( 450W *c&|j|yNrrrs rprocess_requestz&CorsPostCsrfMiddleware.process_request ++G4rc&|j|yrrrrcallback callback_argscallback_kwargss r process_viewz#CorsPostCsrfMiddleware.process_view"rrN)__name__ __module__ __qualname__rrr!rrr r s6rr cBeZdZdZdZdZdZdZdZdZ dZ d Z y ) CorsMiddlewarec|jjd}|jr|rd|jvrt|}tj s|j ||sy |jd}d|jdz}|jj|_||jd<||jd<yyyy#t$rYywxYw)a When https is enabled, django CSRF checking includes referer checking which breaks when using CORS. This function updates the HTTP_REFERER header to make sure it matches HTTP_HOST, provided that our cors logic succeeds HTTP_ORIGINr Nr z https://%s/ HTTP_HOST) rget is_securerrCORS_ALLOW_ALL_ORIGINSorigin_found_in_white_listscopyKeyError)rroriginurlr http_hosts r_https_referer_replacez%CorsMiddleware._https_referer_replace(s!!-0    'w||;6"C//88E &||N; )GLL,EE &||002 8D 45/8 ^,< $  s+AC CCc|j||_|jr[tjr|j ||j dk(r*d|j vrtj}d|d<|Syyy)a If CORS preflight header, then create an empty body response (200 OK) and return it Django won't bother calling any other request view/exception middleware along with the requested view; it will call any response middlewares OPTIONS"HTTP_ACCESS_CONTROL_REQUEST_METHOD0zContent-LengthN) is_enabled _cors_enabledrrr4methodrr HttpResponse)rrresponses rrzCorsMiddleware.process_requestGs}!% 8  ..++G4)+8GLLH,,.-0)* I, !rc^|jr!tjr|j|y)z9 Do the referer replacement here as well N)r:rrr4rs rr!zCorsMiddleware.process_view]s&  T%D%D  ' ' 0rc@t|dd}||j|}|s|St|dg|jj d}|s|St |}t jr d|t<t js%|j||s|j|s|St jrt js d|t<n ||t<tt jr&djt j|t <|j"dk(rsdjt j$|t&<djt j(|t*<t j,rt j,|t.<|S) z1 Add the respective CORS headers r:NOriginr)true*z, r6)getattrr9rrr+rrCORS_ALLOW_CREDENTIALS ACCESS_CONTROL_ALLOW_CREDENTIALSr-r. check_signalACCESS_CONTROL_ALLOW_ORIGINlenCORS_EXPOSE_HEADERSjoinACCESS_CONTROL_EXPOSE_HEADERSr;CORS_ALLOW_HEADERSACCESS_CONTROL_ALLOW_HEADERSCORS_ALLOW_METHODSACCESS_CONTROL_ALLOW_METHODSCORS_PREFLIGHT_MAX_AGEACCESS_CONTROL_MAX_AGE)rrr=enabledr1r2s rprocess_responsezCorsMiddleware.process_responseesV'?D9 ?oog.GO8hZ0!!-0Ov  & &9?H5 6++44VSA%%g.O  & &t/J/J47H0 14:H0 1 t'' (6:ii((7H2 3 >>Y &59YYt?V?V5WH1 259YYt?V?V5WH1 2**373N3N/0rc|dk(xr|tjvxs$|j|xs|j|S)Nnull)rCORS_ALLOWED_ORIGINS_url_in_whitelistregex_domain_match)rr1r2s rr.z*CorsMiddleware.origin_found_in_white_listssE v  E&D,E,E"E /%%c* /&&v. rcbtjD]}tj||s|cSyr)rCORS_ALLOWED_ORIGIN_REGEXESrematch)rr1domain_patterns rrXz!CorsMiddleware.regex_domain_matchs*">> Nxx/  rcttjtj|j xs|j |Sr)boolr[r\rCORS_URLS_REGEX path_inforFrs rr9zCorsMiddleware.is_enableds< HHT))7+<+< = (   w ' (rcTtjd|}td|DS)N)senderrc3&K|] \}}| ywrr%).0function return_values r z.CorsMiddleware.check_signal..sO$:Hl<Os)rsendany)rrsignal_responsess rrFzCorsMiddleware.check_signals'055T7SO>NOOOrctjDcgc] }t|}}tfd|DScc}w)Nc3K|]8}|jjk(xr|jjk(:ywr)schemenetloc)rer1r2s rrhz3CorsMiddleware._url_in_whitelist..s;  MMSZZ ' GFMMSZZ,G G s>A)rrVrrj)rr2ooriginss ` rrWz CorsMiddleware._url_in_whitelists@(,(A(AB18A;BB !   Cs<N) r"r#r$r4rr!rSr.rXr9rFrWr%rrr'r''s1> ,.`  ( P rr')r[ urllib.parserdjangordjango.utils.cacherdjango.utils.deprecationrcorsheaders.confrcorsheaders.signalsrrGrKrErMrOrQr r'r%rrrxsX !14!5; ?#E ==1_(H _H r