Skip to content

octoprint.server.util#

corsRequestHandler() #

before_request handler for blueprints which sets CORS headers for OPTIONS requests if enabled

corsResponseHandler(resp) #

after_request handler for blueprints for which CORS is supported.

Sets Access-Control-Allow-Origin headers for Origin request header on response.

csrfRequestHandler() #

before_request handler for blueprints which checks for CRFS double token on relevant requests & methods.

csrfResponseHandler(resp) #

after_request handler for updating the CSRF cookie on each response.

has_permissions(*permissions) #

Determines if the current user (either from the session, api key or authorization header) has all of the requested permissions.

Parameters:

  • *permissions

    list of all permissions required to pass the check

loginFromApiKeyRequestHandler() #

before_request handler for blueprints which creates a login session for the provided api key (if available)

App session keys are handled as anonymous keys here and ignored.

loginFromAuthorizationHeaderRequestHandler() #

before_request handler for creating login sessions based on the Authorization header.

loginUser(user, remember = False, login_mechanism = None) #

Logs the provided user into Flask Login and Principal if not None and active

Parameters:

  • user

    the User to login. May be None in which case the login will fail

  • remember

    Whether to set the remember flag on the Flask Login operation

noCachingExceptGetResponseHandler(resp) #

after_request handler for blueprints which shall set no caching headers on their responses to any requests that are not sent with method GET.

See :func:noCachingResponseHandler.

noCachingResponseHandler(resp) #

after_request handler for blueprints which shall set no caching headers on their responses.

Sets Cache-Control, Pragma and Expires headers accordingly to prevent all client side caching from taking place.

optionsAllowOrigin(request) #

Shortcut for request handling for CORS OPTIONS requests to set CORS headers.

require_login(*permissions) #

Returns a redirect response to the login view if the permission requirements are not met.

Parameters:

  • *permissions

    a list of permissions required to pass the check

require_login_with(permissions = None, user_id = None) #

Requires a login with the given permissions and/or user id.

Parameters:

  • permissions

    list of all permissions required to pass the check

  • user_id

    required user to pass the check

validate_local_redirect(url, allowed_paths) #

Validates the given local redirect URL against the given allowed paths.

An url is valid for a local redirect if it has neither scheme nor netloc defined, and its path is one of the given allowed paths.

Parameters:

  • url (str) –

    URL to validate

  • allowed_paths (List[str]) –

    List of allowed paths, only paths contained or prefixed (if allowed path ends with "*") will be considered valid.

Returns:

  • bool

    Whether the url passed validation or not.