add in cross domain headers (bug 701409)

2011-12-07 13:40:55 -08:00 · 2011-12-07 13:40:55 -08:00 · a95695a2fe
--- a/apps/webapps/tests/test_verify.py
+++ b/apps/webapps/tests/test_verify.py
@ -15,7 +15,6 @@ from users.models import UserProfile
 from stats.models import Contribution

 import json
-import jwt
 import M2Crypto
 import mock

@ -115,3 +114,19 @@ class TestVerify(amo.tests.TestCase):
        receipt = self.make_install().receipt
        self.assertRaises(M2Crypto.RSA.RSAError, verify.decode_receipt,
                          receipt + 'x')
+
+    @mock.patch.object(verify, 'decode_receipt')
+    def get_headers(self, decode_receipt):
+        decode_receipt.return_value = ''
+        return verify.Verify(3615, '').get_headers(1)
+
+    def test_cross_domain(self):
+        hdrs = self.get_headers()
+        assert ('Access-Control-Allow-Origin', '*') in hdrs, (
+                'No cross domain headers')
+        assert ('Access-Control-Allow-Methods', 'POST') in hdrs, (
+                'Allow POST only')
+
+    def test_no_cache(self):
+        hdrs = self.get_headers()
+        assert ('Cache-Control', 'no-cache') in hdrs, 'No cache header needed'
--- a/services/verify.py
+++ b/services/verify.py
@ -90,7 +90,9 @@ class Verify:
        return '%s GMT' % formatdate(time() + secs)[:25]

    def get_headers(self, length):
-        return [('Content-Type', 'application/json'),
+        return [('Access-Control-Allow-Origin', '*'),
+                ('Access-Control-Allow-Methods', 'POST'),
+                ('Content-Type', 'application/json'),
                ('Content-Length', str(length)),
                ('Cache-Control', 'no-cache'),
                ('Last-Modified', self.format_date(0))]