CORS in Google App Engine from Bruce Sherwood on 2012-04-26 (public-webapps@w3.org from April to June 2012)

From: Bruce Sherwood <bruce.sherwood@gmail.com>
Date: Wed, 25 Apr 2012 22:21:49 -0600
To: public-webapps@w3.org
Cc: Bruce Sherwood <bruce.sherwood@gmail.com>
Message-ID: <CA+WuaScTeWH0zY2tDHTGftCTE6SGo_M3rOt1Bk-KMQxB4d1icA@mail.gmail.com>

I've searched unsuccessfully for more help on enabling CORS in a
Python-based Google App Engine web site. I want to enable cross-origin
access to a folder containing jpeg files (to be used as textures in a
WebGL application). What I found as an example for an enable script is
this (where I've added the import line; the name of the Python file is
enablecors.py):

from google.appengine.ext import webapp

class CORSEnabledHandler(webapp.RequestHandler):
  def get(self):
    self.response.headers.add_header("Access-Control-Allow-Origin", "*")
    self.response.headers['Content-Type'] = 'text/csv'
    self.response.out.write(self.dump_csv())

I'm guessing that my app.yaml file should have an entry like the
following, where the folder /untrusted/testimages contains the ".jpg"
files:

- url: /untrusted/testimages/.*
  script: untrusted/enablecors.py

Because there is some documentation that implies that the GAE will by
default do the right thing based on the ".jpg" file extension, I'm
guessing that I can (should?) comment out the last two lines of the
little Python program. But if that's not the case, I'm guessing that
the next-to-the last statement should be

self.response.headers['Content-Type'] = 'image/jpeg'

But then would should the final statement be?

A minor point: I tried to say

- url: /untrusted/testimages/.*
  static_dir: untrusted/testimages
  script: untrusted/enablecors.py

because I thought that was the right way to handle images, but the GAE
launcher complains about this.

I'd really appreciate some very explicit details on how to set this
up, as none of the various permutations I've tried have worked. The
context is GlowScript (glowscript.org), which allows even nonexpert
programmers to write JavaScript or CoffeeScript programs to generate
3D animations using WebGL. The programs are developed in the cloud and
can run in the cloud, but one can export the code to one's own web
site. In that case, however, CORS needs to be enabled so that when the
program runs outside glowscript.org the program can still get at the
images stored at glowscript.org.

Bruce Sherwood

Received on Friday, 27 April 2012 10:32:17 UTC