Best IT Recipes

Enable access control on a simple HTTP server

I have the following script for a very simple HTTP server:

#!/bin/sh echo "Serving at http://localhost:3000" python -m SimpleHTTPServer 3000

I was wondering how can I enable or add a CORS header, such as Access-Control-Allow-Origin: * on this server?

+98
python cors
Feb 22 '14 at 16:00
source share
4 answers

Unfortunately, a simple HTTP server is really so simple that it does not allow any configuration, especially for the headers it sends. However, you can create a simple HTTP server yourself using most of the SimpleHTTPRequestHandler and just add the header you SimpleHTTPRequestHandler .

To do this, simply create a simple-cors-http-server.py (or any other) file and, depending on your version of Python, put one of the following codes inside.

Then you can make python simple-cors-http-server.py and it will start your modified server, which will set the CORS header for each response.

With the hangout at the top, make the file executable and put it in PATH, and you can just run it using simple-cors-http-server.py too.

Python 3 solution

Python 3 uses SimpleHTTPRequestHandler and HTTPServer from the http.server module to start the server:

 #!/usr/bin/env python3 from http.server import HTTPServer, SimpleHTTPRequestHandler, test import sys class CORSRequestHandler (SimpleHTTPRequestHandler): def end_headers (self): self.send_header('Access-Control-Allow-Origin', '*') SimpleHTTPRequestHandler.end_headers(self) if __name__ == '__main__': test(CORSRequestHandler, HTTPServer, port=int(sys.argv[1]) if len(sys.argv) > 1 else 8000)

Python 2 solution

Python 2 uses SimpleHTTPServer.SimpleHTTPRequestHandler and the BaseHTTPServer module to start the server.

 #!/usr/bin/env python2 from SimpleHTTPServer import SimpleHTTPRequestHandler import BaseHTTPServer class CORSRequestHandler (SimpleHTTPRequestHandler): def end_headers (self): self.send_header('Access-Control-Allow-Origin', '*') SimpleHTTPRequestHandler.end_headers(self) if __name__ == '__main__': BaseHTTPServer.test(CORSRequestHandler, BaseHTTPServer.HTTPServer)

Python 2 & 3 Solution

If you need compatibility for both Python 3 and Python 2, you can use this polyglot script, which works in both versions. It first tries to import from Python 3 locations, and otherwise returns to Python 2:

 #!/usr/bin/env python try: # Python 3 from http.server import HTTPServer, SimpleHTTPRequestHandler, test as test_orig import sys def test (*args): test_orig(*args, port=int(sys.argv[1]) if len(sys.argv) > 1 else 8000) except ImportError: # Python 2 from BaseHTTPServer import HTTPServer, test from SimpleHTTPServer import SimpleHTTPRequestHandler class CORSRequestHandler (SimpleHTTPRequestHandler): def end_headers (self): self.send_header('Access-Control-Allow-Origin', '*') SimpleHTTPRequestHandler.end_headers(self) if __name__ == '__main__': test(CORSRequestHandler, HTTPServer)
+152
Feb 22 '14 at 16:28
source

Try an alternative like http server

Since SimpleHTTPServer is actually not the type of server you are deploying in a production environment, I assume that it doesn’t matter which tool you use if it does the job of presenting your files to http://localhost:3000 with CORS headers in a simple command line

 # install (it requires nodejs/npm) npm install http-server -g #run http-server -p 3000 --cors

If you need https locally, you can also try Caddy



Some related tools you may find useful

  • ngrok : when you run ngrok http 3000 it creates a https://$random.ngrok.com that allows anyone access to your server http://localhost:3000 . It can show the world what works locally on your computer (including local backends / apis)

  • localtunnel : almost the same as ngrok

  • now : when starting now it downloads your static resources online and deploys them at https://$random.now.sh . They stay online forever unless you decide otherwise. Deployment is fast (except for the first) due to differentiation. Now suitable for deploying production / SPA code. It can also deploy Docker and NodeJS applications. It is not completely free, but they have a free plan.

+82
Feb 20 '15 at 15:43
source

I had the same problem and came to this solution:

 class Handler(SimpleHTTPRequestHandler): def send_response(self, *args, **kwargs): SimpleHTTPRequestHandler.send_response(self, *args, **kwargs) self.send_header('Access-Control-Allow-Origin', '*')

I just created a new class, inherited from SimpleHTTPRequestHandler, that modifies the send_response method of send_response .

0
Dec 20 '18 at 9:58
source

You will need to provide your own instances of do_GET () (and do_HEAD () if you want to support HEAD operations). something like that:

 class MyHTTPServer(SimpleHTTPServer): allowed_hosts = (('127.0.0.1', 80),) def do_GET(self): if self.client_address not in allowed_hosts: self.send_response(401, 'request not allowed') else: super(MyHTTPServer, self).do_Get()
-one
Feb 22 '14 at 16:10
source


More articles:


All Articles