response = JsonResponse(...)
if request.META.HTTP_AMP_EMAIL_SENDER:
senderEmail = request.META.HTTP_AMP_EMAIL_SENDER
if not isAllowedSender(senderEmail):
raise PermissionDenied
response['AMP-Email-Allow-Sender'] = senderEmail
elif request.META.HTTP_ORIGIN:
requestOrigin = request.META.HTTP_ORIGIN
senderEmail = request.GET.get('__amp_source_origin')
if not isAllowedSender(senderEmail):
raise PermissionDenied
response['Access-Control-Allow-Origin'] = requestOrigin
response['Access-Control-Expose-Headers'] = 'AMP-Access-Control-Allow-Source-Origin'
response['AMP-Access-Control-Allow-Source-Origin'] = senderEmail
else
raise PermissionDenied