These are chat archives for cherrypy/cherrypy

Jun 2018
Jason R. Coombs
Jun 04 2018 12:20
@motoom: That approach seems reasonable. Ideally the ‘auth’ and ‘cors’ aspects would be decoupled, but for that to be the case, the auth tool would need some way to determine which requests to authenticate based on the method. That line of reasoning leads me to think the built-in basic auth tool should gain that functionality. Or even better would be a way to construct/configure any tool to honor only certain methods, though it’s not clear to me where that could happen. But ideally the ultimate usage would be something like tools.auth_basic.exclude_methods=[‘OPTIONS’].
I’ll file that as a ticket. If it’s something on which you’d be interested to contribute back to CherryPy, let’s continue the conversation there.
If the auth tool had a filter like that, then you could enable that tool alongside cherrypy-cors and they would work independently but together.