Enable different CORS for different users #1918
-
|
I am working on API project, i need to know the best way to enable different CORS for different users. For example: users that have a Free plan will have only access to the API if their requests come from localhost or 127.0.0.1, and users that use Premium plan will have access from any server(computer). |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
You need a custom CORS middleware. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reply, but i have no idea what to modify. Some code example will be helpful :) |
Beta Was this translation helpful? Give feedback.
-
|
It could be something like this. Note, I didn't run this, but you should get the idea: from starlette.middleware.cors import CORSMiddleware
class MyCORSMiddleware:
def __init__(app):
self.app = app
async def __call__(self, scope, receive, send):
current_user = scope['user']
if current_user.id = 1:
cors_mw = CORSMiddleware(self.app, **options_1)
if current_user.id = 2:
cors_mw = CORSMiddleware(self.app, **options_2)
await cors_mw(scope, receive, send)
middleware = [
Middleware(AuthenticationMiddleware), # will add user info into request
Middleware(MyCORSMiddleware),
] |
Beta Was this translation helpful? Give feedback.
It could be something like this. Note, I didn't run this, but you should get the idea: