Spaces:

izuemon
/

any-env-code

Paused

App Files Files Community

izuemon commited on 21 days ago

Commit

53c9456

verified ·

1 Parent(s): 4ac967c

Update app.py

Browse files

Files changed (1) hide show

app.py +43 -28

app.py CHANGED Viewed

@@ -80,29 +80,29 @@ def get_managers():
     return jsonify(res.json().get("managers", []))
-@app.route("/cors-proxy", methods=["GET"])
-def corsproxy():
-    url = request.args.get("url")
-    if not url:
-        return "url パラメータが必要です", 400
-    if not url.startswith(("http://", "https://")):
-        return "http または https のURLのみ使用できます", 400
-    resp = requests.get(url, headers=request.headers, timeout=60)
-    response = Response(resp.content, resp.status_code)
-    response.headers["Access-Control-Allow-Origin"] = "*"
-    response.headers["Access-Control-Allow-Headers"] = "*"
-    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PATCH, OPTIONS"
-    if "Content-Type" in resp.headers:
-        response.headers["Content-Type"] = resp.headers["Content-Type"]
-    return response
-@app.route("/cors-proxy", methods=["POST", "PATCH"])
-def corsproxy_post():
     url = request.args.get("url")
     if not url:
         return "url パラメータが必要です", 400
@@ -110,21 +110,36 @@ def corsproxy_post():
     if not url.startswith(("http://", "https://")):
         return "http または https のURLのみ使用できます", 400
     resp = requests.request(
         method=request.method,
         url=url,
-        headers=request.headers,
-        data=request.data,
-        timeout=60,
     )
-    headers = {
-        "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Headers": "*",
-        "Access-Control-Allow-Methods": "GET, POST, PATCH, OPTIONS",
-    }
-    return Response(resp.content, resp.status_code, headers=headers)
 if __name__ == "__main__":
     if os.environ.get("WERKZEUG_RUN_MAIN") != "true":

     return jsonify(res.json().get("managers", []))
+FORWARD_HEADERS = {
+    "User-Agent",
+    "Accept",
+    "Content-Type",
+    "Authorization",
+}
+@app.route("/cors-proxy", methods=["GET", "POST", "PATCH", "PUT", "DELETE", "OPTIONS"])
+def cors_proxy():
+    # Preflight 対応
+    if request.method == "OPTIONS":
+        return Response(
+            "",
+            204,
+            headers={
+                "Access-Control-Allow-Origin": "*",
+                "Access-Control-Allow-Headers": "*",
+                "Access-Control-Allow-Methods": "GET, POST, PATCH, PUT, DELETE, OPTIONS",
+            },
+        )
     url = request.args.get("url")
     if not url:
         return "url パラメータが必要です", 400
     if not url.startswith(("http://", "https://")):
         return "http または https のURLのみ使用できます", 400
+    # 必要なヘッダだけ転送
+    headers = {
+        k: v for k, v in request.headers.items()
+        if k in FORWARD_HEADERS
+    }
+    # gzip 問題回避
+    headers.pop("Accept-Encoding", None)
     resp = requests.request(
         method=request.method,
         url=url,
+        headers=headers,
+        data=request.get_data(),
+        params=request.args.to_dict(flat=True),
+        timeout=30,
     )
+    response = Response(resp.content, resp.status_code)
+    # CORS ヘッダ付与
+    response.headers["Access-Control-Allow-Origin"] = "*"
+    response.headers["Access-Control-Allow-Headers"] = "*"
+    response.headers["Access-Control-Allow-Methods"] = "GET, POST, PATCH, PUT, DELETE, OPTIONS"
+    # Content-Type は元のまま
+    if "Content-Type" in resp.headers:
+        response.headers["Content-Type"] = resp.headers["Content-Type"]
+    return response
 if __name__ == "__main__":
     if os.environ.get("WERKZEUG_RUN_MAIN") != "true":