CORS with pysimplesoap server

Question

I am using pysimplesoap APIs to support a SOAP server with the following code :

httpd = BaseHTTPServer.HTTPServer(("", 8008), SOAPHandler)
httpd.dispatcher = dispatcher
httpd.serve_forever()

This works well, but not if requests are generated using JS/XMLHttpRequest (CORS issue), as the default implementation of SOAPHandler does not support the OPTIONS method. I added this :

class MySOAPHandler(SOAPHandler):
    def do_OPTIONS(self):           
        self.send_response(200)       
        self.send_header('Access-Control-Allow-Origin', '*')                
        self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
        self.send_header("Access-Control-Allow-Headers", "X-Requested-With")
        self.end_headers()

But the code still does not support CORS requests and the HTTP status is 0?

Answer 1

CORS is a particularly stubborn standard. Your static response for Options will not work for anything but the "basic" requests. You need to make a few changes:

1. Access-Control-Allow-Origin may not be wildcard. It has to be a specific domain. Just look at the request header and echo back the Origin field.
2. Access-Control-Allow-Headers should also be dynamic since clients/JS tend to throw wacky stuff in there. Echo back the Access-Control-Request-Headers field.
3. Also add in a Access-Control-Allow-Credentials: true header.
4. For debugging, to keep yourself sane, put in a Access-Control-Max-Age: 1 header. Without this header the browser will cache the results of the OPTIONS request for a long time. This is fine for production deployment but for testing it just gets annoying.