Add conf argument to CorsMiddleware

Jaap Roes · Jaap Roes · commit 75cc53c13782 · 2023-10-05T10:04:24.000+02:00
diff --git a/src/corsheaders/middleware.py b/src/corsheaders/middleware.py
@@ -13,6 +13,7 @@
 from django.utils.cache import patch_vary_headers
 
 from corsheaders.conf import conf
+from corsheaders.conf import Settings
 from corsheaders.signals import check_request_enabled
 
 ACCESS_CONTROL_ALLOW_ORIGIN = "access-control-allow-origin"
@@ -35,8 +36,10 @@ def __init__(
             Callable[[HttpRequest], HttpResponseBase]
             | Callable[[HttpRequest], Awaitable[HttpResponseBase]]
         ),
+        conf: Settings = conf,
     ) -> None:
         self.get_response = get_response
+        self.conf = conf
         if asyncio.iscoroutinefunction(self.get_response):
             # Mark the class as async-capable, but do the actual switch
             # inside __call__ to avoid swapping out dunder methods
@@ -105,34 +108,38 @@ def add_response_headers(
         except ValueError:
             return response
 
-        if conf.CORS_ALLOW_CREDENTIALS:
+        if self.conf.CORS_ALLOW_CREDENTIALS:
             response[ACCESS_CONTROL_ALLOW_CREDENTIALS] = "true"
 
         if (
-            not conf.CORS_ALLOW_ALL_ORIGINS
+            not self.conf.CORS_ALLOW_ALL_ORIGINS
             and not self.origin_found_in_white_lists(origin, url)
             and not self.check_signal(request)
         ):
             return response
 
-        if conf.CORS_ALLOW_ALL_ORIGINS and not conf.CORS_ALLOW_CREDENTIALS:
+        if self.conf.CORS_ALLOW_ALL_ORIGINS and not self.conf.CORS_ALLOW_CREDENTIALS:
             response[ACCESS_CONTROL_ALLOW_ORIGIN] = "*"
         else:
             response[ACCESS_CONTROL_ALLOW_ORIGIN] = origin
 
-        if len(conf.CORS_EXPOSE_HEADERS):
+        if len(self.conf.CORS_EXPOSE_HEADERS):
             response[ACCESS_CONTROL_EXPOSE_HEADERS] = ", ".join(
-                conf.CORS_EXPOSE_HEADERS
+                self.conf.CORS_EXPOSE_HEADERS
             )
 
         if request.method == "OPTIONS":
-            response[ACCESS_CONTROL_ALLOW_HEADERS] = ", ".join(conf.CORS_ALLOW_HEADERS)
-            response[ACCESS_CONTROL_ALLOW_METHODS] = ", ".join(conf.CORS_ALLOW_METHODS)
-            if conf.CORS_PREFLIGHT_MAX_AGE:
-                response[ACCESS_CONTROL_MAX_AGE] = str(conf.CORS_PREFLIGHT_MAX_AGE)
+            response[ACCESS_CONTROL_ALLOW_HEADERS] = ", ".join(
+                self.conf.CORS_ALLOW_HEADERS
+            )
+            response[ACCESS_CONTROL_ALLOW_METHODS] = ", ".join(
+                self.conf.CORS_ALLOW_METHODS
+            )
+            if self.conf.CORS_PREFLIGHT_MAX_AGE:
+                response[ACCESS_CONTROL_MAX_AGE] = str(self.conf.CORS_PREFLIGHT_MAX_AGE)
 
         if (
-            conf.CORS_ALLOW_PRIVATE_NETWORK
+            self.conf.CORS_ALLOW_PRIVATE_NETWORK
             and request.headers.get(ACCESS_CONTROL_REQUEST_PRIVATE_NETWORK) == "true"
         ):
             response[ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK] = "true"
@@ -141,28 +148,28 @@ def add_response_headers(
 
     def origin_found_in_white_lists(self, origin: str, url: SplitResult) -> bool:
         return (
-            (origin == "null" and origin in conf.CORS_ALLOWED_ORIGINS)
+            (origin == "null" and origin in self.conf.CORS_ALLOWED_ORIGINS)
             or self._url_in_whitelist(url)
             or self.regex_domain_match(origin)
         )
 
     def regex_domain_match(self, origin: str) -> bool:
         return any(
             re.match(domain_pattern, origin)
-            for domain_pattern in conf.CORS_ALLOWED_ORIGIN_REGEXES
+            for domain_pattern in self.conf.CORS_ALLOWED_ORIGIN_REGEXES
         )
 
     def is_enabled(self, request: HttpRequest) -> bool:
         return bool(
-            re.match(conf.CORS_URLS_REGEX, request.path_info)
+            re.match(self.conf.CORS_URLS_REGEX, request.path_info)
         ) or self.check_signal(request)
 
     def check_signal(self, request: HttpRequest) -> bool:
         signal_responses = check_request_enabled.send(sender=None, request=request)
         return any(return_value for function, return_value in signal_responses)
 
     def _url_in_whitelist(self, url: SplitResult) -> bool:
-        origins = [urlsplit(o) for o in conf.CORS_ALLOWED_ORIGINS]
+        origins = [urlsplit(o) for o in self.conf.CORS_ALLOWED_ORIGINS]
         return any(
             origin.scheme == url.scheme and origin.netloc == url.netloc
             for origin in origins
