CORS in Google App Engine from Bruce Sherwood on 2012-04-26 (public-webapps@w3.org from April to June 2012)

From: Bruce Sherwood <bruce.sherwood@gmail.com>
Date: Thu, 26 Apr 2012 09:46:27 -0600
To: public-webapps@w3.org
Message-ID: <CA+WuaSc_1cEt0syn0FhGTnENWYQTSuy2J9zYH0GVwPnmQfsEow@mail.gmail.com>

(My apologies if this appears twice, but it looks like my original
posting got lost in the process of subscribing.)

I've searched unsuccessfully for more help on enabling CORS in a
Python-based Google App Engine web site. I want to enable cross-origin
access to a folder containing jpeg files (to be used as textures in a
WebGL application). What I found as an example for an enable script is
this (where I've added the import line; the name of the Python file is
enablecors.py):

------------------------------------------------
from google.appengine.ext import webapp
class CORSEnabledHandler(webapp.RequestHandler):
 def get(self):
   self.response.headers.add_header("Access-Control-Allow-Origin", "*")
   self.response.headers['Content-Type'] = 'text/csv'
   self.response.out.write(self.dump_csv())
------------------------------------------------

I'm guessing that my app.yaml file should have an entry like the
following, where the folder /untrusted/testimages contains the ".jpg"
files:

- url: /untrusted/testimages/.*
  script: ide/enablecors.py

Because there is some documentation that implies that the GAE will by
default do the right thing based on the ".jpg" file extension, I'm
guessing that I can (should?) comment out the last two lines of the
little Python program. But if that's not the case, I'm guessing that
the next-to-the last statement should be

self.response.headers['Content-Type'] = 'image/jpeg'

But then would should the final statement be?

A minor point: I tried to say

- url: /untrusted/testimages/.*
  static_dir: untrusted/testimages
  script: ide/enablecors.py

because I thought that was the right way to handle images, but the GAE
launcher complains about this.

I'd really appreciate some very explicit details on how to set this
up, as none of the various permutations I've tried have worked.

The context is GlowScript (glowscript.org), which allows even
nonexpert programmers to write JavaScript or CoffeeScript programs to
generate 3D animations using WebGL. The programs are developed in the
cloud and can run in the cloud, but one can export the code to one's
own web site. In that case, however, CORS needs to be enabled so that
when the program runs outside glowscript.org the program can still get
at the images stored at glowscript.org.

Bruce Sherwood

Received on Friday, 27 April 2012 10:32:15 UTC