# datasette-cors
[](https://pypi.org/project/datasette-cors/)
[](https://github.com/simonw/datasette-cors/actions/workflows/test.yml)
[](https://github.com/simonw/datasette-cors/releases)
[](https://github.com/simonw/datasette-cors/blob/main/LICENSE)
Datasette plugin for configuring CORS headers, based on [asgi-cors](https://github.com/simonw/asgi-cors).
You can use this plugin to allow JavaScript running on an allowlisted set of domains to make `fetch()` calls to the JSON API provided by your Datasette instance.
## Installation
```bash
datasette install datasette-cors
```
## Configuration
You need to add some plugin configuration for this plugin to take effect.
To allowlist specific domains, use this:
```json
{
"plugins": {
"datasette-cors": {
"hosts": ["https://www.example.com"]
}
}
}
```
This affects the `access-control-allow-origin` header.
You can also allowlist host patterns like this:
```json
{
"plugins": {
"datasette-cors": {
"host_wildcards": ["https://*.example.com"]
}
}
}
```
To allow all origins, use:
```json
{
"plugins": {
"datasette-cors": {
"allow_all": true
}
}
}
```
This sets the `access-control-allow-origin` header to `*`.
You can specify allowed headers - with the `access-control-allow-headers` header - using the `headers` option:
```json
{
"plugins": {
"datasette-cors": {
"allow_all": true,
"headers": ["Authorization", "Content-Type"]
}
}
}
```
To allow specific HTTP methods with the `access-control-allow-methods` header, use the `methods` option:
```json
{
"plugins": {
"datasette-cors": {
"allow_all": true,
"methods": ["GET", "POST", "OPTIONS"]
}
}
}
```
You can set the `access-control-max-age` header using the `max_age` option:
```json
{
"plugins": {
"datasette-cors": {
"allow_all": true,
"max_age": 3600
}
}
}
```
## Testing it
To test this plugin out, run it locally by saving one of the above examples as `metadata.json` and running this:
```bash
datasette -m metadata.json
```
With Datasette 1.0 use `-c config.json` instead, or try this:
```bash
datasette -s plugins.datasette-cors.allow_all true
```
Now visit https://www.example.com/ in your browser, open the browser developer console and paste in the following:
```javascript
fetch("http://127.0.0.1:8001/_memory.json?sql=select+sqlite_version%28%29").then(r => r.json()).then(console.log)
```
If the plugin is working correctly, you will see the JSON response output to the console.
Raw data
{
"_id": null,
"home_page": "https://github.com/simonw/datasette-cors",
"name": "datasette-cors",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "Simon Willison",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/25/07/55f754a104eddba0d3080a50a2c96d75c6851d65db29f6fcd1b244fb8512/datasette-cors-1.0.1.tar.gz",
"platform": null,
"description": "# datasette-cors\n\n[](https://pypi.org/project/datasette-cors/)\n[](https://github.com/simonw/datasette-cors/actions/workflows/test.yml)\n[](https://github.com/simonw/datasette-cors/releases)\n[](https://github.com/simonw/datasette-cors/blob/main/LICENSE)\n\nDatasette plugin for configuring CORS headers, based on [asgi-cors](https://github.com/simonw/asgi-cors).\n\nYou can use this plugin to allow JavaScript running on an allowlisted set of domains to make `fetch()` calls to the JSON API provided by your Datasette instance.\n\n## Installation\n```bash\ndatasette install datasette-cors\n```\n## Configuration\n\nYou need to add some plugin configuration for this plugin to take effect.\n\nTo allowlist specific domains, use this:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"hosts\": [\"https://www.example.com\"]\n }\n }\n}\n```\nThis affects the `access-control-allow-origin` header.\n\nYou can also allowlist host patterns like this:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"host_wildcards\": [\"https://*.example.com\"]\n }\n }\n}\n```\n\nTo allow all origins, use:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"allow_all\": true\n }\n }\n}\n```\nThis sets the `access-control-allow-origin` header to `*`.\n\nYou can specify allowed headers - with the `access-control-allow-headers` header - using the `headers` option:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"allow_all\": true,\n \"headers\": [\"Authorization\", \"Content-Type\"]\n }\n }\n}\n```\n\nTo allow specific HTTP methods with the `access-control-allow-methods` header, use the `methods` option:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"allow_all\": true,\n \"methods\": [\"GET\", \"POST\", \"OPTIONS\"]\n }\n }\n}\n```\n\nYou can set the `access-control-max-age` header using the `max_age` option:\n\n```json\n{\n \"plugins\": {\n \"datasette-cors\": {\n \"allow_all\": true,\n \"max_age\": 3600\n }\n }\n}\n```\n\n## Testing it\n\nTo test this plugin out, run it locally by saving one of the above examples as `metadata.json` and running this:\n```bash\ndatasette -m metadata.json\n```\nWith Datasette 1.0 use `-c config.json` instead, or try this:\n```bash\ndatasette -s plugins.datasette-cors.allow_all true\n```\n\nNow visit https://www.example.com/ in your browser, open the browser developer console and paste in the following:\n\n```javascript\nfetch(\"http://127.0.0.1:8001/_memory.json?sql=select+sqlite_version%28%29\").then(r => r.json()).then(console.log)\n```\n\nIf the plugin is working correctly, you will see the JSON response output to the console.\n",
"bugtrack_url": null,
"license": "Apache License, Version 2.0",
"summary": "Datasette plugin for configuring CORS headers",
"version": "1.0.1",
"project_urls": {
"Homepage": "https://github.com/simonw/datasette-cors"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "99a8293da46a70fc332d57646a8fb2beddab12f9f36a824b538fae09061bd5a9",
"md5": "ac7cfed70d9344f0454364fb32162973",
"sha256": "e5890293fd81c469672b9fb63958e094b10449b1f126a406ce4036640b57b040"
},
"downloads": -1,
"filename": "datasette_cors-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ac7cfed70d9344f0454364fb32162973",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 7033,
"upload_time": "2024-04-12T03:22:41",
"upload_time_iso_8601": "2024-04-12T03:22:41.311751Z",
"url": "https://files.pythonhosted.org/packages/99/a8/293da46a70fc332d57646a8fb2beddab12f9f36a824b538fae09061bd5a9/datasette_cors-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "250755f754a104eddba0d3080a50a2c96d75c6851d65db29f6fcd1b244fb8512",
"md5": "ce512025a5670e1b549925c8271ec653",
"sha256": "a676982c6d316258d634e1e2437ec842fe917be601468ea5a16ed8a6ef9a9182"
},
"downloads": -1,
"filename": "datasette-cors-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "ce512025a5670e1b549925c8271ec653",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 6626,
"upload_time": "2024-04-12T03:22:42",
"upload_time_iso_8601": "2024-04-12T03:22:42.254054Z",
"url": "https://files.pythonhosted.org/packages/25/07/55f754a104eddba0d3080a50a2c96d75c6851d65db29f6fcd1b244fb8512/datasette-cors-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-12 03:22:42",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "simonw",
"github_project": "datasette-cors",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "datasette-cors"
}
JSON
