Add a signal that enables CORS headers.

If you have a use-case that requires running Python code to check if a site exists,
we provide a Django signal that covers this.
We have a ``check_request_enabled`` signal that provides the request.
Here is an example configuration::

    from corsheaders import signals
    from .models import Site

    def handler(sender, request, **kwargs):
        for site in Site.objects.all():
            if request.host in site.domain:
                return True
        return False

    signals.check_request_enabled.connect(handler)

If the signal returns ``True``,
then the request will have headers added to it.

Author: ericholscher

README.rst

@@ -63,6 +63,28 @@ Note that ``CorsMiddleware`` needs to come before Django’s
 setting, otherwise the CORS headers will be lost from the 304
 not-modified responses, causing errors in some browsers.
 
+Signals
+-------
+
+If you have a use-case that requires running Python code to check if a site exists,
+we provide a Django signal that covers this.
+We have a ``check_request_enabled`` signal that provides the request.
+Here is an example configuration::
+
+    from corsheaders import signals
+    from .models import Site
+
+    def handler(sender, request, **kwargs):
+        for site in Site.objects.all():
+            if request.host in site.domain:
+                return True
+        return False
+
+    signals.check_request_enabled.connect(handler)
+
+If the signal returns ``True``,
+then the request will have headers added to it.
+
 Configuration
 -------------
 

corsheaders/middleware.py

@@ -16,6 +16,7 @@
         from django.apps.apps.get_model import get_model
 
 from corsheaders import defaults as settings
+from corsheaders import signals
 
 
 ACCESS_CONTROL_ALLOW_ORIGIN = 'Access-Control-Allow-Origin'
@@ -118,7 +119,8 @@ def process_response(self, request, response):
 
             if (not settings.CORS_ORIGIN_ALLOW_ALL and
                     self.origin_not_found_in_white_lists(origin, url) and
-                    not self.regex_url_allow_all_match(request.path)):
+                    not self.regex_url_allow_all_match(request.path) and
+                    not self.check_signal(request)):
                 return response
 
             response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*" if (
@@ -154,7 +156,15 @@ def regex_domain_match(self, origin):
 
     def is_enabled(self, request):
         return re.match(settings.CORS_URLS_REGEX, request.path) or \
-            self.regex_url_allow_all_match(request.path)
+            self.regex_url_allow_all_match(request.path) or \
+            self.check_signal(request)
+
+    def check_signal(self, request):
+        signal_response = signals.check_request_enabled.send(sender=None, request=request)
+        for function, return_value in signal_response:
+            if return_value:
+                return True
+        return False
 
     def regex_url_allow_all_match(self, path):
         for url_pattern in settings.CORS_URLS_ALLOW_ALL_REGEX:

corsheaders/models.py

@@ -3,3 +3,6 @@
 
 class CorsModel(models.Model):
     cors = models.CharField(max_length=255)
+
+# For model registration
+from .signals import check_request_enabled

corsheaders/signals.py

@@ -0,0 +1,7 @@
+import django.dispatch
+
+# Return Truthy values to enable a specific request.
+# This allows users to build custom logic into the request handling
+check_request_enabled = django.dispatch.Signal(
+    providing_args=["request"]
+)

corsheaders/tests.py

@@ -9,6 +9,7 @@
 from corsheaders.middleware import ACCESS_CONTROL_ALLOW_METHODS
 from corsheaders.middleware import ACCESS_CONTROL_MAX_AGE
 from corsheaders import defaults as settings
+from corsheaders import signals
 from mock import Mock
 from mock import patch
 
@@ -216,6 +217,19 @@ def test_process_response_not_in_whitelist(self, settings):
         processed = self.middleware.process_response(request, response)
         self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
 
+    def test_process_response_signal_works(self, settings):
+        def handler(sender, request, **kwargs):
+            return True
+        settings.CORS_MODEL = None
+        settings.CORS_ORIGIN_ALLOW_ALL = False
+        settings.CORS_ORIGIN_WHITELIST = ['example.com']
+        settings.CORS_URLS_REGEX = '^.*$'
+        signals.check_request_enabled.connect(handler)
+        response = HttpResponse()
+        request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
+        processed = self.middleware.process_response(request, response)
+        self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
+
     def test_process_response_in_whitelist(self, settings):
         settings.CORS_MODEL = None
         settings.CORS_ORIGIN_ALLOW_ALL = False