From 587ada964ee238814cb82fbba14d606ab9be007f Mon Sep 17 00:00:00 2001
From: Fabien Meghazi <fme@openerp.com>
Date: Thu, 20 Feb 2014 14:37:14 +0100
Subject: [PATCH] [IMP] Refactor CROS support

bzr revid: fme@openerp.com-20140220133714-igpobx20mhzlxi20
---
 openerp/http.py | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/openerp/http.py b/openerp/http.py
index 90dbb6bbe86..2a5b89f7ee7 100644
--- a/openerp/http.py
+++ b/openerp/http.py
@@ -452,19 +452,12 @@ class HttpRequest(WebRequest):
         self.params = params
 
     def dispatch(self):
-        # TODO: refactor this correctly. This is a quick fix for pos demo.
         if request.httprequest.method == 'OPTIONS' and request.endpoint and request.endpoint.routing.get('cors'):
-            response = Response(status=200)
-            response.headers.set('Access-Control-Allow-Origin', request.endpoint.routing['cors'])
-            methods = 'GET, POST'
-            if request.endpoint.routing['type'] == 'json':
-                methods = 'POST'
-            elif request.endpoint.routing.get('methods'):
-                methods = ', '.join(request.endpoint.routing['methods'])
-            response.headers.set('Access-Control-Allow-Methods', methods)
-            response.headers.set('Access-Control-Max-Age',60*60*24)
-            response.headers.set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept')
-            return response
+            headers = {
+                'Access-Control-Max-Age': 60 * 60 * 24,
+                'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
+            }
+            return Response(status=200, headers=headers)
 
         r = self._call_function(**self.params)
         if not r:
@@ -953,13 +946,22 @@ class Response(werkzeug.wrappers.Response):
         template = kw.pop('template', None)
         qcontext = kw.pop('qcontext', None)
         uid = kw.pop('uid', None)
-        self.set_default(template, qcontext, uid)
         super(Response, self).__init__(*args, **kw)
+        self.set_default(template, qcontext, uid)
 
     def set_default(self, template=None, qcontext=None, uid=None):
         self.template = template
         self.qcontext = qcontext or dict()
         self.uid = uid
+        # Support for Cross-Origin Resource Sharing
+        if request.endpoint and 'cors' in request.endpoint.routing:
+            self.headers.set('Access-Control-Allow-Origin', request.endpoint.routing['cors'])
+            methods = 'GET, POST'
+            if request.endpoint.routing['type'] == 'json':
+                methods = 'POST'
+            elif request.endpoint.routing.get('methods'):
+                methods = ', '.join(request.endpoint.routing['methods'])
+            self.headers.set('Access-Control-Allow-Methods', methods)
 
     @property
     def is_qweb(self):
@@ -1132,16 +1134,6 @@ class Root(object):
         if not explicit_session and hasattr(response, 'set_cookie'):
             response.set_cookie('session_id', httprequest.session.sid, max_age=90 * 24 * 60 * 60)
 
-        # Support for Cross-Origin Resource Sharing
-        if request.endpoint and 'cors' in request.endpoint.routing:
-            response.headers.set('Access-Control-Allow-Origin', request.endpoint.routing['cors'])
-            methods = 'GET, POST'
-            if request.endpoint.routing['type'] == 'json':
-                methods = 'POST'
-            elif request.endpoint.routing['methods']:
-                methods = ', '.join(request.endpoint.routing['methods'])
-            response.headers.set('Access-Control-Allow-Methods', methods)
-
         return response
 
     def dispatch(self, environ, start_response):