diff --git a/kinto/core/cornice/__init__.py b/kinto/core/cornice/__init__.py
index 4e4d9dd4c..b7f51618f 100644
--- a/kinto/core/cornice/__init__.py
+++ b/kinto/core/cornice/__init__.py
@@ -2,17 +2,11 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at http://mozilla.org/MPL/2.0/.
 import logging
-from functools import partial
 
 from pyramid.events import NewRequest
-from pyramid.httpexceptions import HTTPForbidden, HTTPNotFound
-from pyramid.security import NO_PERMISSION_REQUIRED
-from pyramid.settings import asbool, aslist
 
 from kinto.core.cornice.errors import Errors  # NOQA
 from kinto.core.cornice.pyramidhook import (
-    handle_exceptions,
-    register_resource_views,
     register_service_views,
     wrap_request,
 )
@@ -21,49 +15,7 @@
 from kinto.core.cornice.util import ContentTypePredicate, current_service
 
 
-logger = logging.getLogger("cornice")
-
-
-def set_localizer_for_languages(event, available_languages, default_locale_name):
-    """
-    Sets the current locale based on the incoming Accept-Language header, if
-    present, and sets a localizer attribute on the request object based on
-    the current locale.
-
-    To be used as an event handler, this function needs to be partially applied
-    with the available_languages and default_locale_name arguments. The
-    resulting function will be an event handler which takes an event object as
-    its only argument.
-    """
-    request = event.request
-    if request.accept_language:
-        accepted = request.accept_language.lookup(available_languages, default=default_locale_name)
-        request._LOCALE_ = accepted
-
-
-def setup_localization(config):
-    """
-    Setup localization based on the available_languages and
-    pyramid.default_locale_name settings.
-
-    These settings are named after suggestions from the "Internationalization
-    and Localization" section of the Pyramid documentation.
-    """
-    try:
-        config.add_translation_dirs("colander:locale/")
-        settings = config.get_settings()
-        available_languages = aslist(settings["available_languages"])
-        default_locale_name = settings.get("pyramid.default_locale_name", "en")
-        set_localizer = partial(
-            set_localizer_for_languages,
-            available_languages=available_languages,
-            default_locale_name=default_locale_name,
-        )
-        config.add_subscriber(set_localizer, NewRequest)
-    except ImportError:  # pragma: no cover
-        # add_translation_dirs raises an ImportError if colander is not
-        # installed
-        pass
+logger = logging.getLogger("kinto.core.cornice")
 
 
 def includeme(config):
@@ -71,23 +23,8 @@ def includeme(config):
     # attributes required to maintain services
     config.registry.cornice_services = {}
 
-    settings = config.get_settings()
-
-    # localization request subscriber must be set before first call
-    # for request.localizer (in wrap_request)
-    if settings.get("available_languages"):
-        setup_localization(config)
-
     config.add_directive("add_cornice_service", register_service_views)
-    config.add_directive("add_cornice_resource", register_resource_views)
     config.add_subscriber(wrap_request, NewRequest)
     config.add_renderer("cornicejson", CorniceRenderer())
     config.add_view_predicate("content_type", ContentTypePredicate)
     config.add_request_method(current_service, reify=True)
-
-    if asbool(settings.get("handle_exceptions", True)):
-        config.add_view(handle_exceptions, context=Exception, permission=NO_PERMISSION_REQUIRED)
-        config.add_view(handle_exceptions, context=HTTPNotFound, permission=NO_PERMISSION_REQUIRED)
-        config.add_view(
-            handle_exceptions, context=HTTPForbidden, permission=NO_PERMISSION_REQUIRED
-        )
diff --git a/kinto/core/cornice/cors.py b/kinto/core/cornice/cors.py
index 1f5073e89..d1eb91067 100644
--- a/kinto/core/cornice/cors.py
+++ b/kinto/core/cornice/cors.py
@@ -4,12 +4,9 @@
 import fnmatch
 import functools
 
-from pyramid.settings import asbool
-
 
 CORS_PARAMETERS = (
     "cors_headers",
-    "cors_enabled",
     "cors_origins",
     "cors_credentials",
     "cors_max_age",
@@ -95,11 +92,7 @@ def ensure_origin(service, request, response=None, **kwargs):
         origin = request.headers.get("Origin")
 
         if not origin:
-            always_cors = asbool(request.registry.settings.get("cornice.always_cors"))
-            # With this setting, if the service origins has "*", then
-            # always return CORS headers.
-            origins = getattr(service, "cors_origins", [])
-            if always_cors and "*" in origins:
+            if "*" in service.cors_origins:
                 origin = "*"
 
         if origin:
diff --git a/kinto/core/cornice/errors.py b/kinto/core/cornice/errors.py
index 746ea723b..3d4ecddaf 100644
--- a/kinto/core/cornice/errors.py
+++ b/kinto/core/cornice/errors.py
@@ -1,40 +1,18 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at http://mozilla.org/MPL/2.0/.
-import json
-
-from pyramid.i18n import TranslationString
 
 
 class Errors(list):
     """Holds Request errors"""
 
-    def __init__(self, status=400, localizer=None):
+    def __init__(self, status=400):
         self.status = status
-        self.localizer = localizer
-        super(Errors, self).__init__()
+        super().__init__()
 
     def add(self, location, name=None, description=None, **kw):
         """Registers a new error."""
         allowed = ("body", "querystring", "url", "header", "path", "cookies", "method")
         if location != "" and location not in allowed:
             raise ValueError("%r not in %s" % (location, allowed))
-
-        if isinstance(description, TranslationString) and self.localizer:
-            description = self.localizer.translate(description)
-
         self.append(dict(location=location, name=name, description=description, **kw))
-
-    @classmethod
-    def from_json(cls, string):
-        """Transforms a json string into an `Errors` instance"""
-        obj = json.loads(string.decode())
-        return Errors.from_list(obj.get("errors", []))
-
-    @classmethod
-    def from_list(cls, obj):
-        """Transforms a python list into an `Errors` instance"""
-        errors = Errors()
-        for error in obj:
-            errors.add(**error)
-        return errors
diff --git a/kinto/core/cornice/pyramidhook.py b/kinto/core/cornice/pyramidhook.py
index 126d09f7c..47e3df668 100644
--- a/kinto/core/cornice/pyramidhook.py
+++ b/kinto/core/cornice/pyramidhook.py
@@ -7,7 +7,6 @@
 
 from pyramid.exceptions import PredicateMismatch
 from pyramid.httpexceptions import (
-    HTTPException,
     HTTPMethodNotAllowed,
     HTTPNotAcceptable,
     HTTPUnsupportedMediaType,
@@ -25,7 +24,6 @@
 from kinto.core.cornice.util import (
     content_type_matches,
     current_service,
-    is_string,
     match_accept_header,
     match_content_type_header,
     to_list,
@@ -107,32 +105,13 @@ def _fallback_view(request):
 
 def apply_filters(request, response):
     if request.matched_route is not None:
-        # do some sanity checking on the response using filters
+        # do some sanity checking on the response
         service = current_service(request)
         if service is not None:
-            kwargs, ob = getattr(request, "cornice_args", ({}, None))
-            for _filter in kwargs.get("filters", []):
-                if is_string(_filter) and ob is not None:
-                    _filter = getattr(ob, _filter)
-                try:
-                    response = _filter(response, request)
-                except TypeError:
-                    response = _filter(response)
-            if service.cors_enabled:
-                apply_cors_post_request(service, request, response)
-
+            apply_cors_post_request(service, request, response)
     return response
 
 
-def handle_exceptions(exc, request):
-    # At this stage, the checks done by the validators had been removed because
-    # a new response started (the exception), so we need to do that again.
-    if not isinstance(exc, HTTPException):
-        raise
-    request.info["cors_checked"] = False
-    return apply_filters(request, exc)
-
-
 def add_nosniff_header(request, response):
     """IE has some rather unfortunately content-type-sniffing behaviour
     that can be used to trigger XSS attacks via a JSON API, as described here:
@@ -184,7 +163,7 @@ def register_service_views(config, service):
 
     # before doing anything else, register a view for the OPTIONS method
     # if we need to
-    if service.cors_enabled and "OPTIONS" not in service.defined_methods:
+    if "OPTIONS" not in service.defined_methods:
         service.add_view(
             "options", view=get_cors_preflight_view(service), permission=NO_PERMISSION_REQUIRED
         )
@@ -195,7 +174,6 @@ def register_service_views(config, service):
 
     # Cornice-specific arguments that pyramid does not know about
     cornice_parameters = (
-        "filters",
         "validators",
         "schema",
         "klass",
@@ -237,9 +215,7 @@ def register_service_views(config, service):
                 args[item] = copy.deepcopy(args[item])
 
         args["request_method"] = method
-
-        if service.cors_enabled:
-            args["validators"].insert(0, cors_validator)
+        args["validators"].insert(0, cors_validator)
 
         decorated_view = decorate_view(view, dict(args), method, route_args)
 
@@ -357,17 +333,3 @@ def _mungle_view_args(args, predicate_list):
         else:
             # otherwise argument value is just a scalar
             args[kind] = value
-
-
-def register_resource_views(config, resource):
-    """Register a resource and it's views.
-
-    :param config:
-        The pyramid configuration object that will be populated.
-    :param resource:
-        The resource class containing the definitions
-    """
-    services = resource._services
-
-    for service in services.values():
-        config.add_cornice_service(service)
diff --git a/kinto/core/cornice/renderer.py b/kinto/core/cornice/renderer.py
index 1fd1ffb4c..36a26b3bd 100644
--- a/kinto/core/cornice/renderer.py
+++ b/kinto/core/cornice/renderer.py
@@ -3,13 +3,6 @@
 from pyramid.response import Response
 
 
-def bytes_adapter(obj, request):
-    """Convert bytes objects to strings for json error renderer."""
-    if isinstance(obj, bytes):
-        return obj.decode("utf8")
-    return obj
-
-
 class JSONError(exc.HTTPError):
     def __init__(self, serializer, serializer_kw, errors, status=400):
         body = {"status": "error", "errors": errors}
@@ -18,6 +11,13 @@ def __init__(self, serializer, serializer_kw, errors, status=400):
         self.content_type = "application/json"
 
 
+def bytes_adapter(obj, request):
+    """Convert bytes objects to strings for json error renderer."""
+    if isinstance(obj, bytes):
+        return obj.decode("utf8")
+    return obj
+
+
 class CorniceRenderer(JSON):
     """We implement JSON serialization by extending Pyramid's default
     JSON rendering machinery using our own custom Content-Type logic `[1]`_.
@@ -34,8 +34,7 @@ class CorniceRenderer(JSON):
     acceptable = ("application/json", "text/plain")
 
     def __init__(self, *args, **kwargs):
-        """Adds a `bytes` adapter by default."""
-        super(CorniceRenderer, self).__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)
         self.add_adapter(bytes, bytes_adapter)
 
     def render_errors(self, request):
diff --git a/kinto/core/cornice/resource.py b/kinto/core/cornice/resource.py
deleted file mode 100644
index a80602e0e..000000000
--- a/kinto/core/cornice/resource.py
+++ /dev/null
@@ -1,205 +0,0 @@
-# -*- coding: utf-8 -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this file,
-# You can obtain one at http://mozilla.org/MPL/2.0/.
-import functools
-import warnings
-
-import venusian
-
-from kinto.core.cornice import Service
-
-
-def resource(depth=2, **kw):
-    """Class decorator to declare resources.
-
-    All the methods of this class named by the name of HTTP resources
-    will be used as such. You can also prefix them by ``"collection_"`` and
-    they will be treated as HTTP methods for the given collection path
-    (collection_path), if any.
-
-    :param depth:
-        Which frame should be looked in default 2.
-
-    :param kw:
-        Keyword arguments configuring the resource.
-
-    Here is an example::
-
-        @resource(collection_path='/users', path='/users/{id}')
-    """
-
-    def wrapper(klass):
-        return add_resource(klass, depth, **kw)
-
-    return wrapper
-
-
-def add_resource(klass, depth=2, **kw):
-    """Function to declare resources of a Class.
-
-    All the methods of this class named by the name of HTTP resources
-    will be used as such. You can also prefix them by ``"collection_"`` and
-    they will be treated as HTTP methods for the given collection path
-    (collection_path), if any.
-
-    :param klass:
-        The class (resource) on which to register the service.
-
-    :param depth:
-        Which frame should be looked in default 2.
-
-    :param kw:
-        Keyword arguments configuring the resource.
-
-
-    Here is an example:
-
-    .. code-block:: python
-
-        class User(object):
-            pass
-
-        add_resource(User, collection_path='/users', path='/users/{id}')
-
-    Alternatively if you want to reuse your existing pyramid routes:
-
-    .. code-block:: python
-
-        class User(object):
-            pass
-
-        add_resource(User, collection_pyramid_route='users',
-            pyramid_route='user')
-
-    """
-
-    services = {}
-
-    if ("collection_pyramid_route" in kw or "pyramid_route" in kw) and (
-        "collection_path" in kw or "path" in kw
-    ):
-        raise ValueError("You use either paths or route names, not both")
-
-    if "collection_path" in kw:
-        if kw["collection_path"] == kw["path"]:
-            msg = "Warning: collection_path and path are not distinct."
-            warnings.warn(msg)
-
-        prefixes = ("", "collection_")
-    else:
-        prefixes = ("",)
-
-    if "collection_pyramid_route" in kw:
-        if kw["collection_pyramid_route"] == kw["pyramid_route"]:
-            msg = "Warning: collection_pyramid_route and pyramid_route are not distinct."
-            warnings.warn(msg)
-
-        prefixes = ("", "collection_")
-
-    for prefix in prefixes:
-        # get clean view arguments
-        service_args = {}
-        for k in list(kw):
-            if k.startswith("collection_"):
-                if prefix == "collection_":
-                    service_args[k[len(prefix) :]] = kw[k]
-            elif k not in service_args:
-                service_args[k] = kw[k]
-
-        # auto-wire klass as its own view factory, unless one
-        # is explicitly declared.
-        if "factory" not in kw:
-            service_args["factory"] = klass
-
-        # create service
-        service_name = service_args.pop("name", None) or klass.__name__.lower()
-        service_name = prefix + service_name
-        service = services[service_name] = Service(name=service_name, depth=depth, **service_args)
-        # ensure the service comes with the same properties as the wrapped
-        # resource
-        functools.update_wrapper(service, klass)
-
-        # initialize views
-        for verb in ("get", "post", "put", "delete", "options", "patch"):
-            view_attr = prefix + verb
-            meth = getattr(klass, view_attr, None)
-
-            if meth is not None:
-                # if the method has a __views__ arguments, then it had
-                # been decorated by a @view decorator. get back the name of
-                # the decorated method so we can register it properly
-                views = getattr(meth, "__views__", [])
-                if views:
-                    for view_args in views:
-                        service.add_view(verb, view_attr, klass=klass, **view_args)
-                else:
-                    service.add_view(verb, view_attr, klass=klass)
-
-    setattr(klass, "_services", services)
-
-    def callback(context, name, ob):
-        # get the callbacks registered by the inner services
-        # and call them from here when the @resource classes are being
-        # scanned by venusian.
-        for service in services.values():
-            config = context.config.with_package(info.module)
-            config.add_cornice_service(service)
-
-    info = venusian.attach(klass, callback, category="pyramid", depth=depth)
-
-    return klass
-
-
-def view(**kw):
-    """Method decorator to store view arguments when defining a resource with
-    the @resource class decorator
-
-    :param kw:
-        Keyword arguments configuring the view.
-    """
-
-    def wrapper(func):
-        return add_view(func, **kw)
-
-    return wrapper
-
-
-def add_view(func, **kw):
-    """Method to store view arguments when defining a resource with
-    the add_resource class method
-
-    :param func:
-        The func to hook to
-
-    :param kw:
-        Keyword arguments configuring the view.
-
-    Example:
-
-    .. code-block:: python
-
-        class User(object):
-
-            def __init__(self, request):
-                self.request = request
-
-            def collection_get(self):
-                return {'users': _USERS.keys()}
-
-            def get(self):
-                return _USERS.get(int(self.request.matchdict['id']))
-
-        add_view(User.get, renderer='json')
-        add_resource(User, collection_path='/users', path='/users/{id}')
-    """
-    # XXX needed in py2 to set on instancemethod
-    if hasattr(func, "__func__"):  # pragma: no cover
-        func = func.__func__
-    # store view argument to use them later in @resource
-    views = getattr(func, "__views__", None)
-    if views is None:
-        views = []
-        setattr(func, "__views__", views)
-    views.append(kw)
-    return func
diff --git a/kinto/core/cornice/service.py b/kinto/core/cornice/service.py
index a8aa322f2..735f01ee2 100644
--- a/kinto/core/cornice/service.py
+++ b/kinto/core/cornice/service.py
@@ -10,7 +10,6 @@
 
 from kinto.core.cornice.util import func_name, is_string, to_list
 from kinto.core.cornice.validators import (
-    DEFAULT_FILTERS,
     DEFAULT_VALIDATORS,
 )
 
@@ -64,10 +63,6 @@ class Service(object):
         A list of callables to pass the request into before passing it to the
         associated view.
 
-    :param filters:
-        A list of callables to pass the response into before returning it to
-        the client.
-
     :param accept:
         A list of ``Accept`` header values accepted for this service
         (or method if overwritten when defining a method).
@@ -108,10 +103,6 @@ class Service(object):
     CORS (Cross Origin Resource Sharing). You can read the CORS specification
     at http://www.w3.org/TR/cors/
 
-    :param cors_enabled:
-        To use if you especially want to disable CORS support for a particular
-        service / method.
-
     :param cors_origins:
         The list of origins for CORS. You can use wildcards here if needed,
         e.g. ('list', 'of', '\\*.domain').
@@ -153,10 +144,9 @@ class Service(object):
 
     renderer = "cornicejson"
     default_validators = DEFAULT_VALIDATORS
-    default_filters = DEFAULT_FILTERS
 
     mandatory_arguments = ("renderer",)
-    list_arguments = ("validators", "filters", "cors_headers", "cors_origins")
+    list_arguments = ("validators", "cors_headers", "cors_origins")
 
     def __repr__(self):
         return "<Service %s at %s>" % (self.name, self.pyramid_route or self.path)
@@ -180,14 +170,13 @@ def __init__(
 
         self.description = description
         self.cors_expose_all_headers = True
-        self._cors_enabled = None
 
         if cors_policy:
             for key, value in cors_policy.items():
                 kw.setdefault("cors_" + key, value)
 
         for key in self.list_arguments:
-            # default_{validators,filters} and {filters,validators} don't
+            # default_validators and validators don't
             # have to be mutables, so we need to create a new list from them
             extra = to_list(kw.get(key, []))
             kw[key] = []
@@ -264,10 +253,10 @@ def get_arguments(self, conf=None):
             "error_handler", getattr(self, "error_handler", self.default_error_handler)
         )
 
-        # exclude some validators or filters
+        # exclude some validators
         if "exclude" in conf:
             for item in to_list(conf.pop("exclude")):
-                for container in arguments["validators"], arguments["filters"]:
+                for container in (arguments["validators"],):
                     if item in container:
                         container.remove(item)
 
@@ -457,30 +446,6 @@ def get_contenttypes(self, method, filter_callables=False):
         """
         return self.filter_argumentlist(method, "content_type", filter_callables)
 
-    def get_validators(self, method):
-        """return a list of validators for the given method.
-
-        :param method: the method to get the validators for.
-        """
-        validators = []
-        for meth, view, args in self.definitions:
-            if meth.upper() == method.upper() and "validators" in args:
-                for validator in args["validators"]:
-                    if validator not in validators:
-                        validators.append(validator)
-        return validators
-
-    @property
-    def cors_enabled(self):
-        if self._cors_enabled is False:
-            return False
-
-        return bool(self.cors_origins or self._cors_enabled)
-
-    @cors_enabled.setter
-    def cors_enabled(self, value):
-        self._cors_enabled = value
-
     def cors_supported_headers_for(self, method=None):
         """Return an iterable of supported headers for this service.
 
@@ -489,13 +454,12 @@ def cors_supported_headers_for(self, method=None):
         """
         headers = set()
         for meth, _, args in self.definitions:
-            if args.get("cors_enabled", True):
-                exposed_headers = args.get("cors_headers", ())
-                if method is not None:
-                    if meth.upper() == method.upper():
-                        return set(exposed_headers)
-                else:
-                    headers |= set(exposed_headers)
+            exposed_headers = args.get("cors_headers", ())
+            if method is not None:
+                if meth.upper() == method.upper():
+                    return set(exposed_headers)
+            else:
+                headers |= set(exposed_headers)
         return headers
 
     @property
@@ -503,7 +467,7 @@ def cors_supported_methods(self):
         """Return an iterable of methods supported by CORS"""
         methods = []
         for meth, _, args in self.definitions:
-            if args.get("cors_enabled", True) and meth not in methods:
+            if meth not in methods:
                 methods.append(meth)
         return methods
 
diff --git a/kinto/core/cornice/util.py b/kinto/core/cornice/util.py
index 7a705116f..a32535152 100644
--- a/kinto/core/cornice/util.py
+++ b/kinto/core/cornice/util.py
@@ -1,7 +1,6 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at http://mozilla.org/MPL/2.0/.
-import warnings
 
 
 __all__ = [
@@ -69,18 +68,6 @@ def match_content_type_header(func, context, request):
     return content_type_matches(request, supported_contenttypes)
 
 
-def extract_json_data(request):
-    warnings.warn("Use ``cornice.validators.extract_cstruct()`` instead", DeprecationWarning)
-    from kinto.core.cornice.validators import extract_cstruct
-
-    return extract_cstruct(request)["body"]
-
-
-def extract_form_urlencoded_data(request):
-    warnings.warn("Use ``cornice.validators.extract_cstruct()`` instead", DeprecationWarning)
-    return request.POST
-
-
 def content_type_matches(request, content_types):
     """
     Check whether ``request.content_type``
diff --git a/kinto/core/cornice/validators/__init__.py b/kinto/core/cornice/validators/__init__.py
index ee2c03ab6..15763e2d4 100755
--- a/kinto/core/cornice/validators/__init__.py
+++ b/kinto/core/cornice/validators/__init__.py
@@ -5,35 +5,11 @@
 
 from webob.multidict import MultiDict
 
-from kinto.core.cornice.validators._colander import body_validator as colander_body_validator
-from kinto.core.cornice.validators._colander import headers_validator as colander_headers_validator
-from kinto.core.cornice.validators._colander import path_validator as colander_path_validator
-from kinto.core.cornice.validators._colander import (
-    querystring_validator as colander_querystring_validator,
-)
 from kinto.core.cornice.validators._colander import validator as colander_validator
-from kinto.core.cornice.validators._marshmallow import body_validator as marshmallow_body_validator
-from kinto.core.cornice.validators._marshmallow import (
-    headers_validator as marshmallow_headers_validator,
-)
-from kinto.core.cornice.validators._marshmallow import path_validator as marshmallow_path_validator
-from kinto.core.cornice.validators._marshmallow import (
-    querystring_validator as marshmallow_querystring_validator,
-)
-from kinto.core.cornice.validators._marshmallow import validator as marshmallow_validator
 
 
 __all__ = [
     "colander_validator",
-    "colander_body_validator",
-    "colander_headers_validator",
-    "colander_path_validator",
-    "colander_querystring_validator",
-    "marshmallow_validator",
-    "marshmallow_body_validator",
-    "marshmallow_headers_validator",
-    "marshmallow_path_validator",
-    "marshmallow_querystring_validator",
     "extract_cstruct",
     "DEFAULT_VALIDATORS",
     "DEFAULT_FILTERS",
@@ -41,7 +17,6 @@
 
 
 DEFAULT_VALIDATORS = []
-DEFAULT_FILTERS = []
 
 
 def extract_cstruct(request):
diff --git a/kinto/core/cornice/validators/_colander.py b/kinto/core/cornice/validators/_colander.py
index 5e5efa531..e110b7513 100644
--- a/kinto/core/cornice/validators/_colander.py
+++ b/kinto/core/cornice/validators/_colander.py
@@ -2,91 +2,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at http://mozilla.org/MPL/2.0/.
 
-import inspect
-import warnings
-
-
-def _generate_colander_validator(location):
-    """
-    Generate a colander validator for data from the given location.
-
-    :param location: The location in the request to find the data to be
-        validated, such as "body" or "querystring".
-    :type location: str
-    :return: Returns a callable that will validate the request at the given
-        location.
-    :rtype: callable
-    """
-
-    def _validator(request, schema=None, deserializer=None, **kwargs):
-        """
-        Validate the location against the schema defined on the service.
-
-        The content of the location is deserialized, validated and stored in
-        the ``request.validated`` attribute.
-
-        .. note::
-
-            If no schema is defined, this validator does nothing.
-            Schema should be of type :class:`~colander:colander.MappingSchema`.
-
-        :param request: Current request
-        :type request: :class:`~pyramid:pyramid.request.Request`
-
-        :param schema: The Colander schema
-        :param deserializer: Optional deserializer, defaults to
-            :func:`cornice.validators.extract_cstruct`
-        """
-        import colander
-
-        if schema is None:
-            return
-
-        schema_instance = _ensure_instantiated(schema)
-
-        if not isinstance(schema_instance, colander.MappingSchema):
-            raise TypeError("Schema should inherit from colander.MappingSchema.")
-
-        class RequestSchemaMeta(colander._SchemaMeta):
-            """
-            A metaclass that will inject a location class attribute into
-            RequestSchema.
-            """
-
-            def __new__(cls, name, bases, class_attrs):
-                """
-                Instantiate the RequestSchema class.
-
-                :param name: The name of the class we are instantiating. Will
-                    be "RequestSchema".
-                :type name: str
-                :param bases: The class's superclasses.
-                :type bases: tuple
-                :param dct: The class's class attributes.
-                :type dct: dict
-                """
-                class_attrs[location] = schema_instance
-                return type(name, bases, class_attrs)
-
-        class RequestSchema(colander.MappingSchema, metaclass=RequestSchemaMeta):  # noqa
-            """A schema to validate the request's location attributes."""
-
-            pass
-
-        validator(request, RequestSchema(), deserializer, **kwargs)
-        validated_location = request.validated.get(location, {})
-        request.validated.update(validated_location)
-        if location not in validated_location:
-            request.validated.pop(location, None)
-
-    return _validator
-
-
-body_validator = _generate_colander_validator("body")
-headers_validator = _generate_colander_validator("headers")
-path_validator = _generate_colander_validator("path")
-querystring_validator = _generate_colander_validator("querystring")
-
 
 def validator(request, schema=None, deserializer=None, **kwargs):
     """
@@ -117,7 +32,6 @@ def validator(request, schema=None, deserializer=None, **kwargs):
     if schema is None:
         return
 
-    schema = _ensure_instantiated(schema)
     cstruct = deserializer(request)
     try:
         deserialized = schema.deserialize(cstruct)
@@ -129,14 +43,3 @@ def validator(request, schema=None, deserializer=None, **kwargs):
             request.errors.add(location, field, msg)
     else:
         request.validated.update(deserialized)
-
-
-def _ensure_instantiated(schema):
-    if inspect.isclass(schema):
-        warnings.warn(
-            "Setting schema to a class is deprecated. Set schema to an instance instead.",
-            DeprecationWarning,
-            stacklevel=2,
-        )
-        schema = schema()
-    return schema
diff --git a/kinto/core/cornice/validators/_marshmallow.py b/kinto/core/cornice/validators/_marshmallow.py
deleted file mode 100644
index 8afd4de52..000000000
--- a/kinto/core/cornice/validators/_marshmallow.py
+++ /dev/null
@@ -1,182 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this file,
-# You can obtain one at http://mozilla.org/MPL/2.0/.
-
-import inspect
-
-
-def _generate_marshmallow_validator(location):
-    """
-    Generate a marshmallow validator for data from the given location.
-
-    :param location: The location in the request to find the data to be
-        validated, such as "body" or "querystring".
-    :type location: str
-    :return: Returns a callable that will validate the request at the given
-        location.
-    :rtype: callable
-    """
-
-    def _validator(request, schema=None, deserializer=None, **kwargs):
-        """
-        Validate the location against the schema defined on the service.
-
-        The content of the location is deserialized, validated and stored in
-        the ``request.validated`` attribute.
-
-        Keyword arguments to be included when initialising the marshmallow
-        schema can be passed as a dict in ``kwargs['schema_kwargs']`` variable.
-
-        .. note::
-
-            If no schema is defined, this validator does nothing.
-
-        :param request: Current request
-        :type request: :class:`~pyramid:pyramid.request.Request`
-
-        :param schema: The marshmallow schema
-        :param deserializer: Optional deserializer, defaults to
-            :func:`cornice.validators.extract_cstruct`
-        """
-        import marshmallow
-        import marshmallow.schema
-        from marshmallow.utils import EXCLUDE
-
-        if schema is None:
-            return
-
-        # see if the user wants to set any keyword arguments for their schema
-        schema_kwargs = kwargs.get("schema_kwargs", {})
-        schema = _instantiate_schema(schema, **schema_kwargs)
-
-        class ValidatedField(marshmallow.fields.Field):
-            def _deserialize(self, value, attr, data, **kwargs):
-                schema.context.setdefault("request", request)
-                deserialized = schema.load(value)
-                return deserialized
-
-        class Meta(object):
-            strict = True
-            ordered = True
-            unknown = EXCLUDE
-
-        class RequestSchemaMeta(marshmallow.schema.SchemaMeta):
-            """
-            A metaclass that will inject a location class attribute into
-            RequestSchema.
-            """
-
-            def __new__(cls, name, bases, class_attrs):
-                """
-                Instantiate the RequestSchema class.
-
-                :param name: The name of the class we are instantiating. Will
-                    be "RequestSchema".
-                :type name: str
-                :param bases: The class's superclasses.
-                :type bases: tuple
-                :param dct: The class's class attributes.
-                :type dct: dict
-                """
-
-                class_attrs[location] = ValidatedField(
-                    required=True, metadata={"load_from": location}
-                )
-                class_attrs["Meta"] = Meta
-                return type(name, bases, class_attrs)
-
-        class RequestSchema(marshmallow.Schema, metaclass=RequestSchemaMeta):  # noqa
-            """A schema to validate the request's location attributes."""
-
-            pass
-
-        validator(request, RequestSchema, deserializer, **kwargs)
-        request.validated = request.validated.get(location, {})
-
-    return _validator
-
-
-body_validator = _generate_marshmallow_validator("body")
-headers_validator = _generate_marshmallow_validator("header")
-path_validator = _generate_marshmallow_validator("path")
-querystring_validator = _generate_marshmallow_validator("querystring")
-
-
-def _message_normalizer(exc, no_field_name="_schema"):
-    """
-    Normally `normalize_messages` will exist on `ValidationError` but pre 2.10
-    versions don't have it
-    :param exc:
-    :param no_field_name:
-    :return:
-    """
-    if isinstance(exc.messages, dict):
-        return exc.messages
-    field_names = exc.kwargs.get("field_names", [])
-    if len(field_names) == 0:
-        return {no_field_name: exc.messages}
-    return dict((name, exc.messages) for name in field_names)
-
-
-def validator(request, schema=None, deserializer=None, **kwargs):
-    """
-    Validate the full request against the schema defined on the service.
-
-    Each attribute of the request is deserialized, validated and stored in the
-    ``request.validated`` attribute
-    (eg. body in ``request.validated['body']``).
-
-    .. note::
-
-        If no schema is defined, this validator does nothing.
-
-    :param request: Current request
-    :type request: :class:`~pyramid:pyramid.request.Request`
-
-    :param schema: The marshmallow schema
-    :param deserializer: Optional deserializer, defaults to
-        :func:`cornice.validators.extract_cstruct`
-    """
-    import marshmallow
-
-    from kinto.core.cornice.validators import extract_cstruct
-
-    if deserializer is None:
-        deserializer = extract_cstruct
-
-    if schema is None:
-        return
-
-    schema = _instantiate_schema(schema)
-    schema.context.setdefault("request", request)
-
-    cstruct = deserializer(request)
-    try:
-        deserialized = schema.load(cstruct)
-    except marshmallow.ValidationError as err:
-        # translate = request.localizer.translate
-        normalized_errors = _message_normalizer(err)
-        for location, details in normalized_errors.items():
-            location = location if location != "_schema" else ""
-            if hasattr(details, "items"):
-                for subfield, msg in details.items():
-                    request.errors.add(location, subfield, msg)
-            else:
-                request.errors.add(location, location, details)
-    else:
-        request.validated.update(deserialized)
-
-
-def _instantiate_schema(schema, **kwargs):
-    """
-    Returns an object of the given marshmallow schema.
-
-    :param schema: The marshmallow schema class with which the request should
-        be validated
-    :param kwargs: The keyword arguments that will be provided to the
-        marshmallow schema's constructor
-    :return: The object of the marshmallow schema
-    """
-    if not inspect.isclass(schema):
-        raise ValueError("You need to pass Marshmallow class instead of schema instance")
-    return schema(**kwargs)
diff --git a/kinto/core/cornice_swagger/__init__.py b/kinto/core/cornice_swagger/__init__.py
index 6f7a9f729..c5858cebc 100644
--- a/kinto/core/cornice_swagger/__init__.py
+++ b/kinto/core/cornice_swagger/__init__.py
@@ -1,5 +1,3 @@
-from pyramid.security import NO_PERMISSION_REQUIRED
-
 from kinto.core.cornice_swagger.swagger import CorniceSwagger
 
 
@@ -30,63 +28,3 @@ def includeme(config):
     config.add_view_predicate("tags", CorniceSwaggerPredicate)
     config.add_view_predicate("operation_id", CorniceSwaggerPredicate)
     config.add_view_predicate("api_security", CorniceSwaggerPredicate)
-    config.add_directive("cornice_enable_openapi_view", cornice_enable_openapi_view)
-    config.add_directive("cornice_enable_openapi_explorer", cornice_enable_openapi_explorer)
-
-
-def cornice_enable_openapi_view(
-    config,
-    api_path="/api-explorer/swagger.json",
-    permission=NO_PERMISSION_REQUIRED,
-    route_factory=None,
-    **kwargs,
-):
-    """
-    :param config:
-        Pyramid configurator object
-    :param api_path:
-        where to expose swagger JSON definition view
-    :param permission:
-        pyramid permission for those views
-    :param route_factory:
-        factory for context object for those routes
-    :param kwargs:
-        kwargs that will be passed to CorniceSwagger's `generate()`
-
-    This registers and configures the view that serves api definitions
-    """
-    config.registry.settings["cornice_swagger.spec_kwargs"] = kwargs
-    config.add_route("cornice_swagger.open_api_path", api_path, factory=route_factory)
-    config.add_view(
-        "cornice_swagger.views.open_api_json_view",
-        renderer="json",
-        permission=permission,
-        route_name="cornice_swagger.open_api_path",
-    )
-
-
-def cornice_enable_openapi_explorer(
-    config,
-    api_explorer_path="/api-explorer",
-    permission=NO_PERMISSION_REQUIRED,
-    route_factory=None,
-    **kwargs,
-):
-    """
-    :param config:
-        Pyramid configurator object
-    :param api_explorer_path:
-        where to expose Swagger UI interface view
-    :param permission:
-        pyramid permission for those views
-    :param route_factory:
-        factory for context object for those routes
-
-    This registers and configures the view that serves api explorer
-    """
-    config.add_route("cornice_swagger.api_explorer_path", api_explorer_path, factory=route_factory)
-    config.add_view(
-        "cornice_swagger.views.swagger_ui_template_view",
-        permission=permission,
-        route_name="cornice_swagger.api_explorer_path",
-    )
diff --git a/kinto/core/cornice_swagger/swagger.py b/kinto/core/cornice_swagger/swagger.py
index c5cf53252..872e5ca64 100644
--- a/kinto/core/cornice_swagger/swagger.py
+++ b/kinto/core/cornice_swagger/swagger.py
@@ -1,6 +1,5 @@
 """Cornice Swagger 2.0 documentor"""
 
-import inspect
 import warnings
 from collections import OrderedDict
 
@@ -13,7 +12,7 @@
     ParameterConversionDispatcher as ParameterConverter,
 )
 from kinto.core.cornice_swagger.converters import TypeConversionDispatcher as TypeConverter
-from kinto.core.cornice_swagger.util import body_schema_transformer, merge_dicts, trim
+from kinto.core.cornice_swagger.util import merge_dicts, trim
 
 
 class CorniceSwaggerException(Exception):
@@ -299,10 +298,6 @@ class CorniceSwagger(object):
     """Default :class:`cornice_swagger.swagger.ResponseHandler` class to use when
     handling OpenAPI responses from kinto.core.cornice_swagger defined responses."""
 
-    schema_transformers = [body_schema_transformer]
-    """List of request schema transformers that should be applied to a request
-    schema to make it comply with a cornice default request schema."""
-
     type_converter = TypeConverter
     """Default :class:`cornice_swagger.converters.schema.TypeConversionDispatcher`
     class used for converting colander schema Types to Swagger Types."""
@@ -372,7 +367,7 @@ def __init__(
         """
         :param services:
             List of cornice services to document. You may use
-            cornice.service.get_services() to get it.
+            kinto.core.cornice.service.get_services() to get it.
         :param def_ref_depth:
             How depth swagger object schemas should be split into
             swaggger definitions with JSON pointers. Default (0) is no split.
@@ -658,15 +653,9 @@ def _extract_operation_from_view(self, view, args):
             op["consumes"] = consumes
 
         # Get parameters from view schema
-        is_colander = self._is_colander_schema(args)
-        if is_colander:
-            schema = self._extract_transform_colander_schema(args)
-            parameters = self.parameters.from_schema(schema)
-        else:
-            # Bail out for now
-            parameters = None
-        if parameters:
-            op["parameters"] = parameters
+        schema = args.get("schema", colander.MappingSchema())
+        parameters = self.parameters.from_schema(schema)
+        op["parameters"] = parameters
 
         # Get summary from docstring
         if isinstance(view, str):
@@ -697,29 +686,3 @@ def _extract_operation_from_view(self, view, args):
             op["security"] = args["api_security"]
 
         return op
-
-    def _is_colander_schema(self, args):
-        schema = args.get("schema")
-        return isinstance(schema, colander.Schema) or (
-            inspect.isclass(schema) and issubclass(schema, colander.MappingSchema)
-        )
-
-    def _extract_transform_colander_schema(self, args):
-        """
-        Extract schema from view args and transform it using
-        the pipeline of schema transformers
-
-        :param args:
-            Arguments from the view decorator.
-
-        :rtype: colander.MappingSchema()
-        :returns: View schema cloned and transformed
-        """
-
-        schema = args.get("schema", colander.MappingSchema())
-        if not isinstance(schema, colander.Schema):
-            schema = schema()
-        schema = schema.clone()
-        for transformer in self.schema_transformers:
-            schema = transformer(schema, args)
-        return schema
diff --git a/kinto/core/cornice_swagger/templates/index.html b/kinto/core/cornice_swagger/templates/index.html
deleted file mode 100644
index 6d5c53076..000000000
--- a/kinto/core/cornice_swagger/templates/index.html
+++ /dev/null
@@ -1,73 +0,0 @@
-<!-- HTML for static distribution bundle build -->
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <title>Swagger UI</title>
-  <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700|Source+Code+Pro:300,600|Titillium+Web:400,600,700" rel="stylesheet">
-  <link rel="stylesheet" type="text/css" href="${ui_css_url}" >
-  <style>
-    html
-    {
-      box-sizing: border-box;
-      overflow: -moz-scrollbars-vertical;
-      overflow-y: scroll;
-    }
-    *,
-    *:before,
-    *:after
-    {
-      box-sizing: inherit;
-    }
-
-    body {
-      margin:0;
-      background: #fafafa;
-    }
-  </style>
-</head>
-
-<body>
-
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="position:absolute;width:0;height:0">
-  <defs>
-    <symbol viewBox="0 0 20 20" id="unlocked">
-          <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="locked">
-      <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="close">
-      <path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="large-arrow">
-      <path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 20 20" id="large-arrow-down">
-      <path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"/>
-    </symbol>
-
-
-    <symbol viewBox="0 0 24 24" id="jump-to">
-      <path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z"/>
-    </symbol>
-
-    <symbol viewBox="0 0 24 24" id="expand">
-      <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"/>
-    </symbol>
-
-  </defs>
-</svg>
-
-<div id="swagger-ui"></div>
-
-<script src="${ui_js_bundle_url}"> </script>
-<script src="${ui_js_standalone_url}"> </script>
-${swagger_ui_script}
-</body>
-
-</html>
diff --git a/kinto/core/cornice_swagger/templates/index_script_template.html b/kinto/core/cornice_swagger/templates/index_script_template.html
deleted file mode 100644
index 1bf6f4f1b..000000000
--- a/kinto/core/cornice_swagger/templates/index_script_template.html
+++ /dev/null
@@ -1,21 +0,0 @@
-<script>
-    window.onload = function() {
-
-        // Build a system
-        const ui = SwaggerUIBundle({
-            url: "${swagger_spec_url}",
-            dom_id: '#swagger-ui',
-            deepLinking: true,
-            presets: [
-                SwaggerUIBundle.presets.apis,
-                SwaggerUIStandalonePreset
-            ],
-            plugins: [
-                SwaggerUIBundle.plugins.DownloadUrl
-            ],
-            layout: "StandaloneLayout"
-        })
-
-        window.ui = ui
-    }
-</script>
diff --git a/kinto/core/cornice_swagger/util.py b/kinto/core/cornice_swagger/util.py
index 9696d1a89..47fd8300f 100644
--- a/kinto/core/cornice_swagger/util.py
+++ b/kinto/core/cornice_swagger/util.py
@@ -1,8 +1,3 @@
-import colander
-
-from kinto.core.cornice.validators import colander_body_validator
-
-
 def trim(docstring):
     """
     Remove the tabs to spaces, and remove the extra spaces / tabs that are in
@@ -20,15 +15,6 @@ def trim(docstring):
     return res
 
 
-def body_schema_transformer(schema, args):
-    validators = args.get("validators", [])
-    if colander_body_validator in validators:
-        body_schema = schema
-        schema = colander.MappingSchema()
-        schema["body"] = body_schema
-    return schema
-
-
 def merge_dicts(base, changes):
     """Merge b into a recursively, without overwriting values.
 
diff --git a/kinto/core/cornice_swagger/views.py b/kinto/core/cornice_swagger/views.py
deleted file mode 100644
index 93d75cf05..000000000
--- a/kinto/core/cornice_swagger/views.py
+++ /dev/null
@@ -1,78 +0,0 @@
-import importlib
-from string import Template
-
-import cornice
-import cornice_swagger
-import pkg_resources
-from pyramid.response import Response
-
-
-# hardcode for now since that will work for vast majority of users
-# maybe later add minified resources for behind firewall support?
-ui_css_url = "https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/3.23.11/swagger-ui.css"
-ui_js_bundle_url = "https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/3.23.11/swagger-ui-bundle.js"
-ui_js_standalone_url = (
-    "https://cdnjs.cloudflare.com/ajax/libs/swagger-ui/3.23.11/swagger-ui-standalone-preset.js"
-)
-
-
-def swagger_ui_template_view(request):
-    """
-    Serves Swagger UI page, default Swagger UI config is used but you can
-    override the callable that generates the `<script>` tag by setting
-    `cornice_swagger.swagger_ui_script_generator` in pyramid config, it defaults
-    to 'cornice_swagger.views:swagger_ui_script_template'
-
-    :param request:
-    :return:
-    """
-    script_generator = request.registry.settings.get(
-        "cornice_swagger.swagger_ui_script_generator",
-        "cornice_swagger.views:swagger_ui_script_template",
-    )
-    package, callable = script_generator.split(":")
-    imported_package = importlib.import_module(package)
-    script_callable = getattr(imported_package, callable)
-    template = pkg_resources.resource_string("cornice_swagger", "templates/index.html").decode(
-        "utf8"
-    )
-
-    html = Template(template).safe_substitute(
-        ui_css_url=ui_css_url,
-        ui_js_bundle_url=ui_js_bundle_url,
-        ui_js_standalone_url=ui_js_standalone_url,
-        swagger_ui_script=script_callable(request),
-    )
-    return Response(html)
-
-
-def open_api_json_view(request):
-    """
-    :param request:
-    :return:
-
-    Generates JSON representation of Swagger spec
-    """
-    doc = cornice_swagger.CorniceSwagger(
-        cornice.service.get_services(), pyramid_registry=request.registry
-    )
-    kwargs = request.registry.settings["cornice_swagger.spec_kwargs"]
-    my_spec = doc.generate(**kwargs)
-    return my_spec
-
-
-def swagger_ui_script_template(request, **kwargs):
-    """
-    :param request:
-    :return:
-
-    Generates the <script> code that bootstraps Swagger UI, it will be injected
-    into index template
-    """
-    swagger_spec_url = request.route_url("cornice_swagger.open_api_path")
-    template = pkg_resources.resource_string(
-        "cornice_swagger", "templates/index_script_template.html"
-    ).decode("utf8")
-    return Template(template).safe_substitute(
-        swagger_spec_url=swagger_spec_url,
-    )
diff --git a/pyproject.toml b/pyproject.toml
index 5a62080c3..5652cc639 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -83,6 +83,7 @@ monitoring = [
 ]
 test = [
     "bravado",
+    "flex",
     "pytest",
     "pytest-cache",
     "pytest-cov",
@@ -103,10 +104,6 @@ strip-extras = true
 
 [tool.coverage.run]
 branch = true
-omit = [
-    "kinto/core/cornice/*",
-    "kinto/core/cornice_swagger/*",
-]
 
 [tool.ruff]
 line-length = 99
diff --git a/tests/core/cornice/__init__.py b/tests/core/cornice/__init__.py
new file mode 100644
index 000000000..c580d191c
--- /dev/null
+++ b/tests/core/cornice/__init__.py
@@ -0,0 +1,3 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/tests/core/cornice/support.py b/tests/core/cornice/support.py
new file mode 100644
index 000000000..af3e1f267
--- /dev/null
+++ b/tests/core/cornice/support.py
@@ -0,0 +1,109 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import logging
+import logging.handlers
+import weakref
+
+from pyramid import testing
+from pyramid.httpexceptions import HTTPException
+from webob import exc
+from webob.dec import wsgify
+
+from kinto.core.cornice.errors import Errors
+
+
+logger = logging.getLogger("kinto.core.cornice")
+
+
+class DummyContext(object):
+    def __repr__(self):
+        return "context!"
+
+
+class DummyRequest(testing.DummyRequest):
+    def __init__(self, *args, **kwargs):
+        super(DummyRequest, self).__init__(*args, **kwargs)
+        self.context = DummyContext()
+        self.errors = Errors()
+        self.content_type = None
+
+
+def dummy_factory(request):
+    return DummyContext()
+
+
+# stolen from the packaging stdlib testsuite tools
+
+
+class _TestHandler(logging.handlers.BufferingHandler):
+    # stolen and adapted from test.support
+
+    def __init__(self):
+        logging.handlers.BufferingHandler.__init__(self, 0)
+        self.setLevel(logging.DEBUG)
+
+    def shouldFlush(self):
+        return False
+
+    def emit(self, record):
+        self.buffer.append(record)
+
+
+class LoggingCatcher(object):
+    """TestCase-compatible mixin to receive logging calls.
+
+    Upon setUp, instances of this classes get a BufferingHandler that's
+    configured to record all messages logged to the 'cornice' logger
+    """
+
+    def setUp(self):
+        super(LoggingCatcher, self).setUp()
+        self.loghandler = handler = _TestHandler()
+        self._old_level = logger.level
+        logger.addHandler(handler)
+        logger.setLevel(logging.DEBUG)  # we want all messages
+
+    def tearDown(self):
+        handler = self.loghandler
+        # All this is necessary to properly shut down the logging system and
+        # avoid a regrtest complaint.  Thanks to Vinay Sajip for the help.
+        handler.close()
+        logger.removeHandler(handler)
+        for ref in weakref.getweakrefs(handler):
+            logging._removeHandlerRef(ref)
+        del self.loghandler
+        logger.setLevel(self._old_level)
+        super(LoggingCatcher, self).tearDown()
+
+    def get_logs(self, level=logging.WARNING, flush=True):
+        """Return all log messages with given level.
+
+        *level* defaults to logging.WARNING.
+
+        For log calls with arguments (i.e.  logger.info('bla bla %r', arg)),
+        the messages will be formatted before being returned (e.g. "bla bla
+        'thing'").
+
+        Returns a list.  Automatically flushes the loghandler after being
+        called, unless *flush* is False (this is useful to get e.g. all
+        warnings then all info messages).
+        """
+        messages = [log.getMessage() for log in self.loghandler.buffer if log.levelno == level]
+        if flush:
+            self.loghandler.flush()
+        return messages
+
+
+class CatchErrors(object):
+    def __init__(self, app):
+        self.app = app
+        if hasattr(app, "registry"):
+            self.registry = app.registry
+
+    @wsgify
+    def __call__(self, request):
+        try:
+            return request.get_response(self.app)
+        except (exc.HTTPException, HTTPException) as e:
+            return e
diff --git a/tests/core/cornice/test_cors.py b/tests/core/cornice/test_cors.py
new file mode 100644
index 000000000..41b29e3cd
--- /dev/null
+++ b/tests/core/cornice/test_cors.py
@@ -0,0 +1,383 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+from unittest import TestCase
+
+from pyramid import testing
+from pyramid.authentication import BasicAuthAuthenticationPolicy
+from pyramid.exceptions import HTTPBadRequest, NotFound
+from pyramid.interfaces import IAuthorizationPolicy
+from pyramid.response import Response
+from pyramid.view import view_config
+from webtest import TestApp
+from zope.interface import implementer
+
+from kinto.core.cornice.service import Service
+
+from .support import CatchErrors
+
+
+squirel = Service(path="/squirel", name="squirel", cors_origins=("foobar",))
+spam = Service(path="/spam", name="spam", cors_origins=("*",))
+eggs = Service(path="/eggs", name="egg", cors_origins=("*",), cors_expose_all_headers=False)
+bacon = Service(path="/bacon/{type}", name="bacon", cors_origins=("*",))
+
+
+class Klass(object):
+    """
+    Class implementation of a service
+    """
+
+    def __init__(self, request):
+        self.request = request
+
+    def post(self):
+        return "moar squirels (take care)"
+
+
+cors_policy = {"origins": ("*",), "credentials": True}
+
+cors_klass = Service(name="cors_klass", path="/cors_klass", klass=Klass, cors_policy=cors_policy)
+cors_klass.add_view("post", "post")
+
+
+@squirel.get(cors_origins=("notmyidea.org",), cors_headers=("X-My-Header",))
+def get_squirel(request):
+    return "squirels"
+
+
+@squirel.post(cors_headers=("X-Another-Header"))
+def post_squirel(request):
+    return "moar squirels (take care)"
+
+
+@squirel.put()
+def put_squirel(request):
+    return "squirels!"
+
+
+@spam.get(cors_credentials=True, cors_headers=("X-My-Header"), cors_max_age=42)
+def gimme_some_spam_please(request):
+    return "spam"
+
+
+@spam.post(permission="read-only")
+def moar_spam(request):
+    return "moar spam"
+
+
+@eggs.get(
+    cors_origins=("notmyidea.org",),
+    cors_headers=("X-My-Header", "X-Another-Header", "X-Another-Header2"),
+)
+def get_eggs(request):
+    return "eggs"
+
+
+def is_bacon_good(request, **kwargs):
+    if not request.matchdict["type"].endswith("good"):
+        request.errors.add("querystring", "type", "should be better!")
+
+
+@bacon.get(validators=is_bacon_good)
+def get_some_bacon(request):
+    # Okay, you there. Bear in mind, the only kind of bacon existing is 'good'.
+    if request.matchdict["type"] != "good":
+        raise NotFound(detail="Not. Found.")
+    return "yay"
+
+
+@bacon.post()
+def post_some_bacon(request):
+    return Response()
+
+
+@bacon.put()
+def put_some_bacon(request):
+    raise HTTPBadRequest()
+
+
+@view_config(route_name="noservice")
+def noservice(request):
+    return Response("No Service here.")
+
+
+class TestCORS(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.add_route("noservice", "/noservice")
+        self.config.scan("tests.core.cornice.test_cors")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_preflight_cors_klass_post(self):
+        resp = self.app.options(
+            "/cors_klass",
+            status=200,
+            headers={"Origin": "lolnet.org", "Access-Control-Request-Method": "POST"},
+        )
+        self.assertEqual("POST,OPTIONS", dict(resp.headers)["Access-Control-Allow-Methods"])
+
+    def test_preflight_cors_klass_put(self):
+        self.app.options(
+            "/cors_klass",
+            status=400,
+            headers={"Origin": "lolnet.org", "Access-Control-Request-Method": "PUT"},
+        )
+
+    def test_preflight_missing_headers(self):
+        # we should have an OPTION method defined.
+        # If we just try to reach it, without using correct headers:
+        # "Access-Control-Request-Method"or without the "Origin" header,
+        # we should get a 400.
+        resp = self.app.options("/squirel", status=400)
+        self.assertEqual(len(resp.json["errors"]), 2)
+
+    def test_preflight_missing_origin(self):
+        resp = self.app.options(
+            "/squirel", headers={"Access-Control-Request-Method": "GET"}, status=400
+        )
+        self.assertEqual(len(resp.json["errors"]), 1)
+
+    def test_preflight_does_not_expose_headers(self):
+        resp = self.app.options(
+            "/squirel",
+            headers={"Access-Control-Request-Method": "GET", "Origin": "notmyidea.org"},
+            status=200,
+        )
+        self.assertNotIn("Access-Control-Expose-Headers", resp.headers)
+
+    def test_preflight_missing_request_method(self):
+        resp = self.app.options("/squirel", headers={"Origin": "foobar.org"}, status=400)
+
+        self.assertEqual(len(resp.json["errors"]), 1)
+
+    def test_preflight_incorrect_origin(self):
+        # we put "lolnet.org" where only "notmyidea.org" is authorized
+        resp = self.app.options(
+            "/squirel",
+            headers={"Origin": "lolnet.org", "Access-Control-Request-Method": "GET"},
+            status=400,
+        )
+        self.assertEqual(len(resp.json["errors"]), 1)
+
+    def test_preflight_correct_origin(self):
+        resp = self.app.options(
+            "/squirel", headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "GET"}
+        )
+        self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "notmyidea.org")
+
+        allowed_methods = resp.headers["Access-Control-Allow-Methods"].split(",")
+
+        # self.assertNotIn("POST", allowed_methods)
+        self.assertIn("GET", allowed_methods)
+        self.assertIn("PUT", allowed_methods)
+        self.assertIn("HEAD", allowed_methods)
+
+        allowed_headers = resp.headers["Access-Control-Allow-Headers"].split(",")
+
+        self.assertIn("X-My-Header", allowed_headers)
+        # self.assertNotIn("X-Another-Header", allowed_headers)
+
+    def test_preflight_deactivated_method(self):
+        self.app.options(
+            "/squirel",
+            headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "POST"},
+            status=400,
+        )
+
+    def test_preflight_origin_not_allowed_for_method(self):
+        self.app.options(
+            "/squirel",
+            headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "PUT"},
+            status=400,
+        )
+
+    def test_preflight_credentials_are_supported(self):
+        resp = self.app.options(
+            "/spam", headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "GET"}
+        )
+        self.assertIn("Access-Control-Allow-Credentials", resp.headers)
+        self.assertEqual(resp.headers["Access-Control-Allow-Credentials"], "true")
+
+    def test_preflight_credentials_header_not_included_when_not_needed(self):
+        resp = self.app.options(
+            "/spam", headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "POST"}
+        )
+
+        self.assertNotIn("Access-Control-Allow-Credentials", resp.headers)
+
+    def test_preflight_contains_max_age(self):
+        resp = self.app.options(
+            "/spam", headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "GET"}
+        )
+
+        self.assertIn("Access-Control-Max-Age", resp.headers)
+        self.assertEqual(resp.headers["Access-Control-Max-Age"], "42")
+
+    def test_resp_dont_include_allow_origin(self):
+        resp = self.app.get("/squirel")  # omit the Origin header
+        self.assertNotIn("Access-Control-Allow-Origin", resp.headers)
+        self.assertEqual(resp.json, "squirels")
+
+    def test_origin_is_not_wildcard_if_allow_credentials(self):
+        resp = self.app.options(
+            "/cors_klass",
+            status=200,
+            headers={
+                "Origin": "lolnet.org",
+                "Access-Control-Request-Method": "POST",
+            },
+        )
+        self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "lolnet.org")
+        self.assertEqual(resp.headers["Access-Control-Allow-Credentials"], "true")
+
+    def test_responses_include_an_allow_origin_header(self):
+        resp = self.app.get("/squirel", headers={"Origin": "notmyidea.org"})
+        self.assertIn("Access-Control-Allow-Origin", resp.headers)
+        self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "notmyidea.org")
+
+    def test_credentials_are_included(self):
+        resp = self.app.get("/spam", headers={"Origin": "notmyidea.org"})
+        self.assertIn("Access-Control-Allow-Credentials", resp.headers)
+        self.assertEqual(resp.headers["Access-Control-Allow-Credentials"], "true")
+
+    def test_headers_are_exposed(self):
+        resp = self.app.get("/squirel", headers={"Origin": "notmyidea.org"})
+        self.assertIn("Access-Control-Expose-Headers", resp.headers)
+
+        headers = resp.headers["Access-Control-Expose-Headers"].split(",")
+        self.assertIn("X-My-Header", headers)
+
+    def test_preflight_request_headers_are_included(self):
+        resp = self.app.options(
+            "/squirel",
+            headers={
+                "Origin": "notmyidea.org",
+                "Access-Control-Request-Method": "GET",
+                "Access-Control-Request-Headers": "foo,    bar,baz  ",
+            },
+        )
+        # The specification says we can have any number of LWS (Linear white
+        # spaces) in the values and that it should be removed.
+
+        # per default, they should be authorized, and returned in the list of
+        # authorized headers
+        headers = resp.headers["Access-Control-Allow-Headers"].split(",")
+        self.assertIn("foo", headers)
+        self.assertIn("bar", headers)
+        self.assertIn("baz", headers)
+
+    def test_preflight_request_headers_isnt_too_permissive(self):
+        # The specification says we can have any number of LWS (Linear white
+        # spaces) in the values.
+        self.app.options(
+            "/eggs",
+            headers={
+                "Origin": "notmyidea.org",
+                "Access-Control-Request-Method": "GET",
+                "Access-Control-Request-Headers": (
+                    "  X-My-Header  ,X-Another-Header,   X-Another-Header2 "
+                ),
+            },
+            status=200,
+        )
+
+        self.app.options(
+            "/eggs",
+            headers={
+                "Origin": "notmyidea.org",
+                "Access-Control-Request-Method": "GET",
+                "Access-Control-Request-Headers": ("X-My-Header   ,baz ,  X-Another-Header  "),
+            },
+            status=400,
+        )
+
+    def test_preflight_headers_arent_case_sensitive(self):
+        self.app.options(
+            "/spam",
+            headers={
+                "Origin": "notmyidea.org",
+                "Access-Control-Request-Method": "GET",
+                "Access-Control-Request-Headers": "x-my-header",
+            },
+        )
+
+    def test_400_returns_CORS_headers(self):
+        resp = self.app.get("/bacon/not", status=400, headers={"Origin": "notmyidea.org"})
+        self.assertIn("Access-Control-Allow-Origin", resp.headers)
+
+    def test_response_returns_CORS_headers(self):
+        resp = self.app.post("/bacon/response", status=200, headers={"Origin": "notmyidea.org"})
+        self.assertIn("Access-Control-Allow-Origin", resp.headers)
+
+    def test_existing_non_service_route(self):
+        resp = self.app.get("/noservice", status=200, headers={"Origin": "notmyidea.org"})
+        self.assertEqual(resp.body, b"No Service here.")
+
+
+class TestAuthenticatedCORS(TestCase):
+    def setUp(self):
+        def check_cred(username, *args, **kwargs):
+            return [username]
+
+        @implementer(IAuthorizationPolicy)
+        class AuthorizationPolicy(object):
+            def permits(self, context, principals, permission):
+                return permission in principals
+
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.add_route("noservice", "/noservice")
+        self.config.set_authorization_policy(AuthorizationPolicy())
+        self.config.set_authentication_policy(BasicAuthAuthenticationPolicy(check_cred))
+        self.config.set_default_permission("readwrite")
+        self.config.scan("tests.core.cornice.test_cors")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_post_on_spam_should_be_forbidden(self):
+        self.app.post("/spam", status=403)
+
+    def test_preflight_does_not_need_authentication(self):
+        self.app.options(
+            "/spam",
+            status=200,
+            headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "POST"},
+        )
+
+
+class TestAlwaysCORS(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.add_route("noservice", "/noservice")
+        self.config.scan("tests.core.cornice.test_cors")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_response_returns_CORS_headers_without_origin(self):
+        resp = self.app.post("/bacon/response", status=200)
+        self.assertIn("Access-Control-Allow-Origin", resp.headers)
+
+    def test_response_does_not_return_CORS_headers_if_no_origin(self):
+        resp = self.app.put("/squirel")
+        self.assertNotIn("Access-Control-Allow-Origin", resp.headers)
+
+    def test_preflight_checks_origin_when_not_star(self):
+        self.app.options(
+            "/squirel",
+            headers={"Origin": "notmyidea.org", "Access-Control-Request-Method": "PUT"},
+            status=400,
+        )
+        self.app.put("/squirel", headers={"Origin": "notmyidea.org"}, status=400)
+
+    def test_checks_origin_when_not_star(self):
+        self.app.put("/squirel", headers={"Origin": "not foobar"}, status=400)
diff --git a/tests/core/cornice/test_errors.py b/tests/core/cornice/test_errors.py
new file mode 100644
index 000000000..efbc95512
--- /dev/null
+++ b/tests/core/cornice/test_errors.py
@@ -0,0 +1,42 @@
+from unittest import TestCase
+
+from pyramid.i18n import TranslationString
+
+from kinto.core.cornice.errors import Errors
+from kinto.core.cornice.service import Service
+
+
+class TestErrorsHelper(TestCase):
+    def setUp(self):
+        self.errors = Errors()
+
+    def test_add_to_supported_location(self):
+        self.errors.add("")
+        self.errors.add("body", description="!")
+        self.errors.add("querystring", name="field")
+        self.errors.add("url")
+        self.errors.add("header")
+        self.errors.add("path")
+        self.errors.add("cookies")
+        self.errors.add("method")
+        self.assertEqual(len(self.errors), 8)
+
+    def test_raises_an_exception_when_location_is_unsupported(self):
+        with self.assertRaises(ValueError):
+            self.errors.add("something")
+
+
+service1 = Service(name="service1", path="/error-service1")
+
+
+@service1.get()
+def get1(request):
+    return request.errors.add("body", "field", "Description")
+
+
+service2 = Service(name="service2", path="/error-service2")
+
+
+@service2.get()
+def get2(request):
+    return request.errors.add("body", "field", TranslationString("Description"))
diff --git a/tests/core/cornice/test_pyramidhook.py b/tests/core/cornice/test_pyramidhook.py
new file mode 100644
index 000000000..8bd647c42
--- /dev/null
+++ b/tests/core/cornice/test_pyramidhook.py
@@ -0,0 +1,378 @@
+# flake8: noqa
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import logging
+import re
+from unittest import mock, TestCase
+from pyramid.interfaces import IDebugLogger
+
+from pyramid import testing
+from pyramid.exceptions import PredicateMismatch
+from pyramid.httpexceptions import HTTPOk, HTTPForbidden, HTTPNotFound, HTTPMethodNotAllowed
+from pyramid.csrf import CookieCSRFStoragePolicy
+from pyramid.response import Response
+from pyramid.security import Allow, Deny, NO_PERMISSION_REQUIRED
+from pyramid.authentication import AuthTktAuthenticationPolicy
+from pyramid.authorization import ACLAuthorizationPolicy
+
+from pyramid.exceptions import ConfigurationError
+from webtest import TestApp
+
+from kinto.core.cornice import Service
+from kinto.core.cornice.pyramidhook import register_service_views
+from kinto.core.cornice.util import func_name, ContentTypePredicate, current_service
+
+from .support import CatchErrors, dummy_factory
+
+
+def my_acl(request):
+    return [
+        (Allow, "alice", "read"),
+        (Allow, "bob", "write"),
+        (Deny, "carol", "write"),
+        (Allow, "dan", ("write", "update")),
+    ]
+
+
+class MyFactory(object):
+    def __init__(self, request):
+        self.request = request
+
+    def __acl__(self):
+        return my_acl(self.request)
+
+
+service = Service(name="service", path="/service", factory=MyFactory)
+
+
+@service.get()
+def return_404(request):
+    raise HTTPNotFound()
+
+
+@service.put(permission="update")
+def update_view(request):
+    return "updated_view"
+
+
+@service.patch(permission="write")
+def return_yay(request):
+    return "yay"
+
+
+@service.delete()
+def delete_view(request):
+    request.response.status = 204
+
+
+class TemperatureCooler(object):
+    def __init__(self, request, context=None):
+        self.request = request
+        self.context = context
+
+    def get_fresh_air(self):
+        resp = Response()
+        resp.text = "air with " + repr(self.context)
+        return resp
+
+    def check_temperature(self, request, **kw):
+        if not "X-Temperature" in request.headers:
+            request.errors.add("header", "X-Temperature")
+
+
+tc = Service(
+    name="TemperatureCooler", path="/fresh-air", klass=TemperatureCooler, factory=dummy_factory
+)
+tc.add_view("GET", "get_fresh_air", validators=("check_temperature",))
+
+
+class TestService(TestCase):
+    def setUp(self):
+        self.config = testing.setUp(settings={"pyramid.debug_authorization": True})
+
+        # Set up debug_authorization logging to console
+        logging.basicConfig(level=logging.DEBUG)
+        debug_logger = logging.getLogger()
+        self.config.registry.registerUtility(debug_logger, IDebugLogger)
+
+        self.config.include("kinto.core.cornice")
+
+        self.authz_policy = ACLAuthorizationPolicy()
+        self.config.set_authorization_policy(self.authz_policy)
+
+        self.authn_policy = AuthTktAuthenticationPolicy("$3kr1t")
+        self.config.set_authentication_policy(self.authn_policy)
+
+        self.config.scan("tests.core.cornice.test_service")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+        register_service_views(self.config, service)
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_404(self):
+        # a get on a resource that explicitly return a 404 should return 404
+        self.app.get("/service", status=HTTPNotFound.code)
+
+    def test_405(self):
+        # calling a unknown verb on an existing resource should return a 405
+        self.app.post("/service", status=HTTPMethodNotAllowed.code)
+
+    def test_204(self):
+        resp = self.app.delete("/service", status=204)
+        self.assertNotIn("Content-Type", resp.headers)
+
+    def test_acl_support_unauthenticated_service_patch(self):
+        # calling a view with permissions without an auth'd user => 403
+        self.app.patch("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_allowed_service_patch(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="bob"):
+            result = self.app.patch("/service", status=HTTPOk.code)
+            self.assertEqual("yay", result.json)
+        # The other user with 'write' permission
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="dan"):
+            result = self.app.patch("/service", status=HTTPOk.code)
+            self.assertEqual("yay", result.json)
+
+    def test_acl_support_authenticated_valid_user_wrong_permission_service_patch(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="alice"):
+            self.app.patch("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_valid_user_permission_denied_service_patch(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="carol"):
+            self.app.patch("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_invalid_user_service_patch(self):
+        with mock.patch.object(
+            self.authn_policy, "unauthenticated_userid", return_value="mallory"
+        ):
+            self.app.patch("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_allowed_service_put(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="dan"):
+            result = self.app.put("/service", status=HTTPOk.code)
+            self.assertEqual("updated_view", result.json)
+
+    def test_acl_support_authenticated_valid_user_wrong_permission_service_put(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="bob"):
+            self.app.put("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_valid_user_permission_denied_service_put(self):
+        with mock.patch.object(self.authn_policy, "unauthenticated_userid", return_value="carol"):
+            self.app.put("/service", status=HTTPForbidden.code)
+
+    def test_acl_support_authenticated_invalid_user_service_put(self):
+        with mock.patch.object(
+            self.authn_policy, "unauthenticated_userid", return_value="mallory"
+        ):
+            self.app.put("/service", status=HTTPForbidden.code)
+
+
+class WrapperService(Service):
+    def get_view_wrapper(self, kw):
+        def upper_wrapper(func):
+            def upperizer(*args, **kwargs):
+                result = func(*args, **kwargs)
+                return result.upper()
+
+            return upperizer
+
+        return upper_wrapper
+
+
+wrapper_service = WrapperService(name="wrapperservice", path="/wrapperservice")
+
+
+@wrapper_service.get()
+def return_foo(request):
+    return "foo"
+
+
+class TestServiceWithWrapper(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_wrapped(self):
+        result = self.app.get("/wrapperservice")
+        self.assertEqual(result.json, "FOO")
+
+    def test_func_name_undecorated_function(self):
+        self.assertEqual("my_acl", func_name(my_acl))
+
+    def test_func_name_decorated_function(self):
+        self.assertEqual("return_foo", func_name(return_foo))
+
+    def test_func_name_string(self):
+        self.assertEqual("some_string", func_name("some_string"))
+
+    def test_func_name_class_method(self):
+        self.assertEqual(
+            "TestServiceWithWrapper.test_wrapped", func_name(TestServiceWithWrapper.test_wrapped)
+        )
+
+
+class TestNosniffHeader(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def test_no_sniff_is_added_to_responses(self):
+        response = self.app.get("/wrapperservice")
+        self.assertEqual(response.headers["X-Content-Type-Options"], "nosniff")
+
+
+test_service = Service(name="jardinet", path="/jardinet")
+test_service.add_view("GET", lambda request: request.current_service.name)
+
+
+class TestCurrentService(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def test_current_service_on_request(self):
+        resp = self.app.get("/jardinet")
+        self.assertEqual(resp.json, "jardinet")
+
+
+class TestRouteWithTraverse(TestCase):
+    def test_route_construction(self):
+        config = mock.MagicMock()
+        config.add_route = mock.MagicMock()
+
+        register_service_views(config, test_service)
+        config.add_route.assert_called_with("jardinet", "/jardinet")
+
+    def test_route_with_prefix(self):
+        config = testing.setUp(settings={})
+        config.add_route = mock.MagicMock()
+        config.route_prefix = "/prefix"
+        config.registry.cornice_services = {}
+        config.add_directive("add_cornice_service", register_service_views)
+        config.scan("tests.core.cornice.test_pyramidhook")
+
+        services = config.registry.cornice_services
+        self.assertTrue("/prefix/wrapperservice" in services)
+
+
+class TestRouteFromPyramid(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.add_route("proute", "/from_pyramid")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+
+        def handle_response(request):
+            return {"service": request.current_service.name, "route": request.matched_route.name}
+
+        rserv = Service(name="ServiceWPyramidRoute", pyramid_route="proute")
+        rserv.add_view("GET", handle_response)
+
+        register_service_views(self.config, rserv)
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def test_service_routing(self):
+        result = self.app.get("/from_pyramid", status=200)
+        self.assertEqual("proute", result.json["route"])
+        self.assertEqual("ServiceWPyramidRoute", result.json["service"])
+
+    def test_no_route_or_path(self):
+        with self.assertRaises(TypeError):
+            Service(
+                name="broken service",
+            )
+
+
+class TestPrefixRouteFromPyramid(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.route_prefix = "/prefix"
+        self.config.include("kinto.core.cornice")
+        self.config.add_route("proute", "/from_pyramid")
+        self.config.scan("tests.core.cornice.test_pyramidhook")
+
+        def handle_response(request):
+            return {"service": request.current_service.name, "route": request.matched_route.name}
+
+        rserv = Service(name="ServiceWPyramidRoute", pyramid_route="proute")
+        rserv.add_view("GET", handle_response)
+
+        register_service_views(self.config, rserv)
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def test_service_routing(self):
+        result = self.app.get("/prefix/from_pyramid", status=200)
+        self.assertEqual("proute", result.json["route"])
+        self.assertEqual("ServiceWPyramidRoute", result.json["service"])
+
+    def test_no_route_or_path(self):
+        with self.assertRaises(TypeError):
+            Service(
+                name="broken service",
+            )
+
+    def test_current_service(self):
+        pyramid_app = self.app.app.app
+        request = mock.MagicMock()
+        request.matched_route = pyramid_app.routes_mapper.get_route("proute")
+        request.registry = pyramid_app.registry
+        assert current_service(request)
+
+
+class TestServiceWithNonpickleableSchema(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.registry.cornice_services = {}
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test(self):
+        # Compiled regexs are, apparently, non-pickleable
+        service = Service(name="test", path="/", schema={"a": re.compile("")})
+        service.add_view("GET", lambda _: _)
+        register_service_views(self.config, service)
+
+
+class TestFallbackRegistration(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.add_view_predicate("content_type", ContentTypePredicate)
+        self.config.set_csrf_storage_policy(CookieCSRFStoragePolicy(domain="localhost"))
+        self.config.set_default_csrf_options(require_csrf=True)
+        self.config.registry.cornice_services = {}
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_fallback_permission(self):
+        """
+        Fallback view should be registered with NO_PERMISSION_REQUIRED
+        Fixes: https://github.com/mozilla-services/cornice/issues/245
+        """
+        service = Service(name="fallback-test", path="/")
+        service.add_view("GET", lambda _: _)
+        register_service_views(self.config, service)
+
+        # This is a bit baroque
+        introspector = self.config.introspector
+        views = introspector.get_category("views")
+        fallback_views = [i for i in views if i["introspectable"]["route_name"] == "fallback-test"]
+
+        for v in fallback_views:
+            if v["introspectable"].title == "function cornice.pyramidhook._fallback_view":
+                permissions = [p["value"] for p in v["related"] if p.type_name == "permission"]
+                self.assertIn(NO_PERMISSION_REQUIRED, permissions)
diff --git a/tests/core/cornice/test_renderer.py b/tests/core/cornice/test_renderer.py
new file mode 100644
index 000000000..7f5a9fffd
--- /dev/null
+++ b/tests/core/cornice/test_renderer.py
@@ -0,0 +1,32 @@
+from unittest import TestCase, mock
+
+from pyramid.renderers import JSON
+
+from kinto.core.cornice import CorniceRenderer
+from kinto.core.cornice.renderer import JSONError
+
+
+class TestRenderer(TestCase):
+    def test_renderer_is_pyramid_renderer_subclass(self):
+        self.assertIsInstance(CorniceRenderer(), JSON)
+
+    def test_renderer_calls_render_method(self):
+        renderer = CorniceRenderer()
+        self.assertEqual(renderer(info=None), renderer.render)
+
+    def test_renderer_render_errors(self):
+        renderer = CorniceRenderer()
+        request = mock.MagicMock()
+
+        class FakeErrors(object):
+            status = 418
+
+            def __json__(self, request):
+                return ["error_1", "error_2"]
+
+        request.errors = FakeErrors()
+
+        result = renderer.render_errors(request)
+        self.assertIsInstance(result, JSONError)
+        self.assertEqual(result.status_int, 418)
+        self.assertEqual(result.json_body, {"status": "error", "errors": ["error_1", "error_2"]})
diff --git a/tests/core/cornice/test_service.py b/tests/core/cornice/test_service.py
new file mode 100644
index 000000000..faefc46b5
--- /dev/null
+++ b/tests/core/cornice/test_service.py
@@ -0,0 +1,504 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+from unittest import TestCase, mock
+
+from pyramid.exceptions import ConfigurationError
+from pyramid.interfaces import IRendererFactory
+
+from kinto.core.cornice.service import (
+    Service,
+    _UnboundView,
+    clear_services,
+    decorate_view,
+    get_services,
+)
+from kinto.core.cornice.util import func_name
+
+
+def _validator(req):
+    return True
+
+
+def _validator2(req):
+    return True
+
+
+def _stub(req):
+    return None
+
+
+class TestService(TestCase):
+    def tearDown(self):
+        clear_services()
+
+    def test_service_instantiation(self):
+        service = Service("coconuts", "/migrate")
+        self.assertEqual(service.name, "coconuts")
+        self.assertEqual(service.path, "/migrate")
+        self.assertEqual(service.renderer, Service.renderer)
+
+        service = Service("coconuts", "/migrate", renderer="html")
+        self.assertEqual(service.renderer, "html")
+
+        # test that lists are also set
+        validators = [
+            lambda x: True,
+        ]
+        service = Service("coconuts", "/migrate", validators=validators)
+        self.assertEqual(service.validators, validators)
+
+    def test_representation(self):
+        service = Service("coconuts", "/migrate")
+        self.assertEqual(repr(service), "<Service coconuts at /migrate>")
+
+    def test_representation_path(self):
+        service = Service("coconuts", pyramid_route="some_route")
+        self.assertEqual(repr(service), "<Service coconuts at some_route>")
+
+    def test_get_arguments(self):
+        service = Service("coconuts", "/migrate")
+        # not specifying anything, we should get the default values
+        args = service.get_arguments({})
+        for arg in Service.mandatory_arguments:
+            self.assertEqual(args[arg], getattr(Service, arg, None))
+
+        # calling this method on a configured service should use the values
+        # passed at instantiation time as default values
+        service = Service("coconuts", "/migrate", renderer="html")
+        args = service.get_arguments({})
+        self.assertEqual(args["renderer"], "html")
+
+        # if we specify another renderer for this service, despite the fact
+        # that one is already set in the instance, this one should be used
+        args = service.get_arguments({"renderer": "foobar"})
+        self.assertEqual(args["renderer"], "foobar")
+
+        # test that list elements are not overwritten
+        # define a validator for the needs of the test
+
+        service = Service("vaches", "/fetchez", validators=(_validator,))
+        self.assertEqual(len(service.validators), 1)
+        args = service.get_arguments({"validators": (_validator2,)})
+
+        # the list of validators didn't changed
+        self.assertEqual(len(service.validators), 1)
+
+        # but the one returned contains 2 validators
+        self.assertEqual(len(args["validators"]), 2)
+
+        # test that exclude effectively removes the items from the list of
+        # validators / filters it returns, without removing it from the ones
+        # registered for the service.
+        service = Service("open bar", "/bar", validators=(_validator, _validator2))
+        self.assertEqual(service.validators, [_validator, _validator2])
+
+        args = service.get_arguments({"exclude": _validator2})
+        self.assertEqual(args["validators"], [_validator])
+
+        # defining some non-mandatory arguments in a service should make
+        # them available on further calls to get_arguments.
+
+        service = Service("vaches", "/fetchez", foobar="baz")
+        self.assertIn("foobar", service.arguments)
+        self.assertIn("foobar", service.get_arguments())
+
+    def test_view_registration(self):
+        # registering a new view should make it available in the list.
+        # The methods list is populated
+        service = Service("color", "/favorite-color")
+
+        def view(request):
+            pass
+
+        service.add_view("post", view, validators=(_validator,))
+        self.assertEqual(len(service.definitions), 1)
+        method, _view, _ = service.definitions[0]
+
+        # the view had been registered. we also test here that the method had
+        # been inserted capitalized (POST instead of post)
+        self.assertEqual(("POST", view), (method, _view))
+
+    def test_error_handler(self):
+        error_handler = object()
+        service = Service("color", "/favorite-color", error_handler=error_handler)
+
+        @service.get()
+        def get_favorite_color(request):
+            return "blue, hmm, red, hmm, aaaaaaaah"
+
+        method, view, args = service.definitions[0]
+        self.assertIs(args["error_handler"], error_handler)
+
+    def test_default_error_handler(self):
+        # If not configured otherwise, Service.default_error_handler should
+        # be used to handle and render errors.
+        service = Service("error service", "/error_service")
+
+        @service.get()
+        def get_error(request):
+            return "error"
+
+        method, view, args = service.definitions[0]
+        self.assertEqual(args["error_handler"], service.default_error_handler)
+
+    def test_default_error_handler_calls_default_renderer(self):
+        # Default error handler should call `render_errors` on the
+        # registered renderer.
+        service = Service("error service", "/error_service")
+
+        renderer = mock.MagicMock()
+        renderer.render_errors.return_value = "rendered_errors"
+
+        request = mock.MagicMock()
+        request.registry.queryUtility.return_value = renderer
+
+        self.assertEqual(service.default_error_handler(request), "rendered_errors")
+        request.registry.queryUtility.assert_called_with(IRendererFactory, name=service.renderer)
+        renderer.render_errors.assert_called_with(request)
+
+    def test_decorators(self):
+        service = Service("color", "/favorite-color")
+
+        @service.get()
+        def get_favorite_color(request):
+            return "blue, hmm, red, hmm, aaaaaaaah"
+
+        self.assertEqual(2, len(service.definitions))
+        method, view, _ = service.definitions[0]
+        self.assertEqual(("GET", get_favorite_color), (method, view))
+        method, view, _ = service.definitions[1]
+        self.assertEqual(("HEAD", get_favorite_color), (method, view))
+
+        @service.post(accept="text/plain", renderer="plain")
+        @service.post(accept="application/json")
+        def post_favorite_color(request):
+            pass
+
+        # using multiple decorators on a resource should register them all in
+        # as many different definitions in the service
+        self.assertEqual(4, len(service.definitions))
+
+        @service.patch()
+        def patch_favorite_color(request):
+            return ""
+
+        method, view, _ = service.definitions[4]
+        self.assertEqual("PATCH", method)
+
+        @service.put()
+        def put_favorite_color(request):
+            return ""
+
+        method, view, _ = service.definitions[5]
+        self.assertEqual("PUT", method)
+
+        @service.delete()
+        def delete_favorite_color(request):
+            return ""
+
+        method, view, _ = service.definitions[6]
+        self.assertEqual("DELETE", method)
+
+        @service.options()
+        def favorite_color_options(request):
+            return ""
+
+        method, view, _ = service.definitions[7]
+        self.assertEqual("OPTIONS", method)
+
+    def test_get_acceptable(self):
+        # defining a service with different "accept" headers, we should be able
+        # to retrieve this information easily
+        service = Service("color", "/favorite-color")
+        service.add_view("GET", lambda x: "blue", accept="text/plain")
+        self.assertEqual(service.get_acceptable("GET"), ["text/plain"])
+
+        service.add_view("GET", lambda x: "blue", accept="application/json")
+        self.assertEqual(service.get_acceptable("GET"), ["text/plain", "application/json"])
+
+        # adding a view for the POST method should not break everything :-)
+        service.add_view("POST", lambda x: "ok", accept=("foo/bar"))
+        self.assertEqual(service.get_acceptable("GET"), ["text/plain", "application/json"])
+        # and of course the list of accepted egress content-types should be
+        # available for the "POST" as well.
+        self.assertEqual(service.get_acceptable("POST"), ["foo/bar"])
+
+        # it is possible to give acceptable egress content-types dynamically at
+        # run-time. You don't always want to have the callables when retrieving
+        # all the acceptable content-types
+        service.add_view("POST", lambda x: "ok", accept=lambda r: "application/json")
+        self.assertEqual(len(service.get_acceptable("POST")), 2)
+        self.assertEqual(len(service.get_acceptable("POST", True)), 1)
+
+    def test_get_contenttypes(self):
+        # defining a service with different "content_type" headers, we should
+        # be able to retrieve this information easily
+        service = Service("color", "/favorite-color")
+        service.add_view("GET", lambda x: "blue", content_type="text/plain")
+        self.assertEqual(service.get_contenttypes("GET"), ["text/plain"])
+
+        service.add_view("GET", lambda x: "blue", content_type="application/json")
+        self.assertEqual(service.get_contenttypes("GET"), ["text/plain", "application/json"])
+
+        # adding a view for the POST method should not break everything :-)
+        service.add_view("POST", lambda x: "ok", content_type=("foo/bar"))
+        self.assertEqual(service.get_contenttypes("GET"), ["text/plain", "application/json"])
+        # and of course the list of supported ingress content-types should be
+        # available for the "POST" as well.
+        self.assertEqual(service.get_contenttypes("POST"), ["foo/bar"])
+
+        # it is possible to give supported ingress content-types dynamically at
+        # run-time. You don't always want to have the callables when retrieving
+        # all the supported content-types
+        service.add_view("POST", lambda x: "ok", content_type=lambda r: "application/json")
+        self.assertEqual(len(service.get_contenttypes("POST")), 2)
+        self.assertEqual(len(service.get_contenttypes("POST", True)), 1)
+
+    def test_class_parameters(self):
+        # when passing a "klass" argument, it gets registered. It also tests
+        # that the view argument can be a string and not a callable.
+        class TemperatureCooler(object):
+            def get_fresh_air(self):
+                pass
+
+        service = Service("TemperatureCooler", "/freshair", klass=TemperatureCooler)
+        service.add_view("get", "get_fresh_air")
+
+        self.assertEqual(len(service.definitions), 2)
+
+        method, view, args = service.definitions[0]
+        self.assertEqual(view, "get_fresh_air")
+        self.assertEqual(args["klass"], TemperatureCooler)
+
+    def test_get_services(self):
+        self.assertEqual([], get_services())
+        foobar = Service("Foobar", "/foobar")
+        self.assertIn(foobar, get_services())
+
+        barbaz = Service("Barbaz", "/barbaz")
+        self.assertIn(barbaz, get_services())
+
+        self.assertEqual(
+            [
+                barbaz,
+            ],
+            get_services(
+                exclude=[
+                    "Foobar",
+                ]
+            ),
+        )
+        self.assertEqual(
+            [
+                foobar,
+            ],
+            get_services(
+                names=[
+                    "Foobar",
+                ]
+            ),
+        )
+        self.assertEqual([foobar, barbaz], get_services(names=["Foobar", "Barbaz"]))
+
+    def test_default_validators(self):
+        old_validators = Service.default_validators
+        try:
+
+            def custom_validator(request):
+                pass
+
+            def custom_filter(request):
+                pass
+
+            def freshair(request):
+                pass
+
+            # the default validators should be used when registering a service
+            Service.default_validators = [
+                custom_validator,
+            ]
+            service = Service("TemperatureCooler", "/freshair")
+            service.add_view("GET", freshair)
+            method, view, args = service.definitions[0]
+
+            self.assertIn(custom_validator, args["validators"])
+
+            # defining a service with additional filters / validators should
+            # work as well
+            def another_validator(request):
+                pass
+
+            def groove_em_all(request):
+                pass
+
+            service2 = Service(
+                "FunkyGroovy",
+                "/funky-groovy",
+                validators=[another_validator],
+            )
+
+            service2.add_view("GET", groove_em_all)
+            method, view, args = service2.definitions[0]
+
+            self.assertIn(custom_validator, args["validators"])
+            self.assertIn(another_validator, args["validators"])
+        finally:
+            Service.default_validators = old_validators
+
+    def test_cors_headers_for_service_instantiation(self):
+        # When defining services, it's possible to add headers. This tests
+        # it is possible to list all the headers supported by a service.
+        service = Service("coconuts", "/migrate", cors_headers=("X-Header-Coconut"))
+        self.assertNotIn("X-Header-Coconut", service.cors_supported_headers_for())
+
+        service.add_view("POST", _stub)
+        self.assertIn("X-Header-Coconut", service.cors_supported_headers_for())
+
+    def test_cors_headers_for_view_definition(self):
+        # defining headers in the view should work.
+        service = Service("coconuts", "/migrate")
+        service.add_view("POST", _stub, cors_headers=("X-Header-Foobar"))
+        self.assertIn("X-Header-Foobar", service.cors_supported_headers_for())
+
+    def test_cors_headers_for_method(self):
+        # defining headers in the view should work.
+        service = Service("coconuts", "/migrate")
+        service.add_view("GET", _stub, cors_headers=("X-Header-Foobar"))
+        service.add_view("POST", _stub, cors_headers=("X-Header-Barbaz"))
+        get_headers = service.cors_supported_headers_for(method="GET")
+        self.assertNotIn("X-Header-Barbaz", get_headers)
+
+    def test_cors_headers_for_method_are_deduplicated(self):
+        # defining headers in the view should work.
+        service = Service("coconuts", "/migrate")
+        service.cors_headers = ("X-Header-Foobar",)
+        service.add_view("GET", _stub, cors_headers=("X-Header-Foobar", "X-Header-Barbaz"))
+        get_headers = service.cors_supported_headers_for(method="GET")
+        expected = set(["X-Header-Foobar", "X-Header-Barbaz"])
+        self.assertEqual(expected, get_headers)
+
+    def test_cors_supported_methods(self):
+        foo = Service(name="foo", path="/foo")
+        foo.add_view("GET", _stub)
+        self.assertIn("GET", foo.cors_supported_methods)
+
+        foo.add_view("POST", _stub)
+        self.assertIn("POST", foo.cors_supported_methods)
+
+    def test_cors_supported_origins(self):
+        foo = Service(name="foo", path="/foo", cors_origins=("mozilla.org",))
+
+        foo.add_view("GET", _stub, cors_origins=("notmyidea.org", "lolnet.org"))
+
+        self.assertIn("mozilla.org", foo.cors_supported_origins)
+        self.assertIn("notmyidea.org", foo.cors_supported_origins)
+        self.assertIn("lolnet.org", foo.cors_supported_origins)
+
+    def test_per_method_supported_origins(self):
+        foo = Service(name="foo", path="/foo", cors_origins=("mozilla.org",))
+        foo.add_view("GET", _stub, cors_origins=("lolnet.org",))
+
+        self.assertTrue("mozilla.org" in foo.cors_origins_for("GET"))
+        self.assertTrue("lolnet.org" in foo.cors_origins_for("GET"))
+
+        foo.add_view("POST", _stub)
+        self.assertFalse("lolnet.org" in foo.cors_origins_for("POST"))
+
+    def test_credential_support_can_be_enabled(self):
+        foo = Service(name="foo", path="/foo", cors_credentials=True)
+        foo.add_view("POST", _stub)
+        self.assertTrue(foo.cors_support_credentials_for())
+
+    def test_credential_support_is_disabled_by_default(self):
+        foo = Service(name="foo", path="/foo")
+        foo.add_view("POST", _stub)
+        self.assertFalse(foo.cors_support_credentials_for())
+
+    def test_per_method_credential_support(self):
+        foo = Service(name="foo", path="/foo")
+        foo.add_view("GET", _stub, cors_credentials=True)
+        foo.add_view("POST", _stub)
+        self.assertTrue(foo.cors_support_credentials_for("GET"))
+        self.assertFalse(foo.cors_support_credentials_for("POST"))
+
+    def test_method_takes_precendence_for_credential_support(self):
+        foo = Service(name="foo", path="/foo", cors_credentials=True)
+        foo.add_view("GET", _stub, cors_credentials=False)
+        self.assertFalse(foo.cors_support_credentials_for("GET"))
+
+    def test_max_age_is_none_if_undefined(self):
+        foo = Service(name="foo", path="/foo")
+        foo.add_view("POST", _stub)
+        self.assertIsNone(foo.cors_max_age_for("POST"))
+
+    def test_max_age_can_be_defined(self):
+        foo = Service(name="foo", path="/foo", cors_max_age=42)
+        foo.add_view("POST", _stub)
+        self.assertEqual(foo.cors_max_age_for(), 42)
+
+    def test_max_age_can_be_different_dependeing_methods(self):
+        foo = Service(name="foo", path="/foo", cors_max_age=42)
+        foo.add_view("GET", _stub)
+        foo.add_view("POST", _stub, cors_max_age=32)
+        foo.add_view("PUT", _stub, cors_max_age=7)
+
+        self.assertEqual(foo.cors_max_age_for("GET"), 42)
+        self.assertEqual(foo.cors_max_age_for("POST"), 32)
+        self.assertEqual(foo.cors_max_age_for("PUT"), 7)
+
+    def test_cors_policy(self):
+        policy = {"origins": ("foo", "bar", "baz")}
+        foo = Service(name="foo", path="/foo", cors_policy=policy)
+        self.assertTrue("foo" in foo.cors_supported_origins)
+        self.assertTrue("bar" in foo.cors_supported_origins)
+        self.assertTrue("baz" in foo.cors_supported_origins)
+
+    def test_cors_policy_can_be_overwritten(self):
+        policy = {"origins": ("foo", "bar", "baz")}
+        foo = Service(name="foo", path="/foo", cors_origins=(), cors_policy=policy)
+        self.assertEqual(len(foo.cors_supported_origins), 0)
+
+    def test_can_specify_a_view_decorator(self):
+        def dummy_decorator(view):
+            return view
+
+        service = Service("coconuts", "/migrate", decorator=dummy_decorator)
+        args = service.get_arguments({})
+        self.assertEqual(args["decorator"], dummy_decorator)
+
+        # make sure Service.decorator() still works
+        @service.decorator("put")
+        def dummy_view(request):
+            return "data"
+
+        self.assertTrue(any(view is dummy_view for method, view, args in service.definitions))
+
+    def test_cannot_specify_both_factory_and_acl(self):
+        with self.assertRaises(ConfigurationError):
+            Service(
+                "coconuts",
+                "/migrate",
+                acl="dummy_permission",
+                factory="TheFactoryMethodCalledByPyramid",
+            )
+
+    def test_decorate_view(self):
+        def myfunction():
+            pass
+
+        meth = "POST"
+        decorated = decorate_view(myfunction, {}, meth)
+        self.assertEqual(decorated.__name__, "{0}__{1}".format(func_name(myfunction), meth))
+
+    def test_decorate_resource_view(self):
+        class MyResource(object):
+            def __init__(self, **kwargs):
+                pass
+
+            def myview(self):
+                pass
+
+        meth = "POST"
+        decorated = decorate_view(_UnboundView(MyResource, "myview"), {}, meth)
+        self.assertEqual(decorated.__name__, "{0}__{1}".format(func_name(MyResource.myview), meth))
diff --git a/tests/core/cornice/test_service_definition.py b/tests/core/cornice/test_service_definition.py
new file mode 100644
index 000000000..223e481ea
--- /dev/null
+++ b/tests/core/cornice/test_service_definition.py
@@ -0,0 +1,71 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+from unittest import TestCase
+
+from pyramid import testing
+from webtest import TestApp
+
+from kinto.core.cornice import Service
+
+from .support import CatchErrors
+
+
+service1 = Service(name="service1", path="/service1")
+service2 = Service(name="service2", path="/service2")
+
+
+@service1.get()
+def get1(request):
+    return {"test": "succeeded"}
+
+
+@service1.post()
+def post1(request):
+    return {"body": request.body}
+
+
+@service2.get(accept="text/html")
+@service2.post(accept="audio/ogg")
+def get2_or_post2(request):
+    return {"test": "succeeded"}
+
+
+class TestServiceDefinition(TestCase):
+    def setUp(self):
+        self.config = testing.setUp()
+        self.config.include("kinto.core.cornice")
+        self.config.scan("tests.core.cornice.test_service_definition")
+        self.app = TestApp(CatchErrors(self.config.make_wsgi_app()))
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_basic_service_operation(self):
+        self.app.get("/unknown", status=404)
+        self.assertEqual(self.app.get("/service1").json, {"test": "succeeded"})
+
+        self.assertEqual(self.app.post("/service1", params="BODY").json, {"body": "BODY"})
+
+    def test_loading_into_multiple_configurators(self):
+        # When initializing a second configurator, it shouldn't interfere
+        # with the one already in place.
+        config2 = testing.setUp()
+        config2.include("kinto.core.cornice")
+        config2.scan("tests.core.cornice.test_service_definition")
+
+        # Calling the new configurator works as expected.
+        app = TestApp(CatchErrors(config2.make_wsgi_app()))
+        self.assertEqual(app.get("/service1").json, {"test": "succeeded"})
+
+        # Calling the old configurator works as expected.
+        self.assertEqual(self.app.get("/service1").json, {"test": "succeeded"})
+
+    def test_stacking_api_decorators(self):
+        # Stacking multiple @api calls on a single function should
+        # register it multiple times, just like @view_config does.
+        resp = self.app.get("/service2", headers={"Accept": "text/html"})
+        self.assertEqual(resp.json, {"test": "succeeded"})
+
+        resp = self.app.post("/service2", headers={"Accept": "audio/ogg"})
+        self.assertEqual(resp.json, {"test": "succeeded"})
diff --git a/tests/core/cornice/test_util.py b/tests/core/cornice/test_util.py
new file mode 100644
index 000000000..60a5967b0
--- /dev/null
+++ b/tests/core/cornice/test_util.py
@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+import unittest
+from unittest import mock
+
+from kinto.core.cornice import util
+
+
+class CurrentServiceTest(unittest.TestCase):
+    def test_current_service_returns_the_service_for_existing_patterns(self):
+        request = mock.MagicMock()
+        request.matched_route.pattern = "/buckets"
+        request.registry.cornice_services = {"/buckets": mock.sentinel.service}
+
+        self.assertEqual(util.current_service(request), mock.sentinel.service)
+
+    def test_current_service_returns_none_for_unexisting_patterns(self):
+        request = mock.MagicMock()
+        request.matched_route.pattern = "/unexisting"
+        request.registry.cornice_services = {}
+
+        self.assertEqual(util.current_service(request), None)
diff --git a/tests/core/cornice/test_validation.py b/tests/core/cornice/test_validation.py
new file mode 100644
index 000000000..5ced07357
--- /dev/null
+++ b/tests/core/cornice/test_validation.py
@@ -0,0 +1,419 @@
+# -*- encoding: utf-8 -*-
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import json
+import unittest
+from unittest import TestCase, mock
+
+from pyramid.request import Request
+from webtest import TestApp
+
+from kinto.core.cornice.errors import Errors
+from kinto.core.cornice.service import clear_services
+from kinto.core.cornice.validators import (
+    colander_validator,
+    extract_cstruct,
+)
+
+from .support import DummyRequest, LoggingCatcher
+from .validationapp import main
+
+
+class TestServiceDefinition(LoggingCatcher, TestCase):
+    def tearDown(self):
+        clear_services()
+        return super().tearDown()
+
+    def test_validation(self):
+        app = TestApp(main({}))
+        app.get("/service", status=400)
+
+        response = app.post("/service", params="buh", status=400)
+        self.assertTrue(b"Not a json body" in response.body)
+
+        response = app.post("/service", params=json.dumps("buh"))
+
+        expected = json.dumps({"body": '"buh"'}).encode("ascii")
+        self.assertEqual(response.body, expected)
+
+        app.get("/service?paid=yup")
+
+        # valid = foo is one
+        response = app.get("/service?foo=1&paid=yup")
+        self.assertEqual(response.json["foo"], 1)
+
+        # invalid value for foo
+        response = app.get("/service?foo=buh&paid=yup", status=400)
+
+        # check that json is returned
+        errors = Errors()
+        for err in json.loads(response.body).get("errors", []):
+            errors.add("body", err)
+        self.assertEqual(len(errors), 1)
+
+    def test_validation_hooked_error_response(self):
+        app = TestApp(main({}))
+
+        response = app.post("/service4", status=400)
+        self.assertTrue(b"<errors>" in response.body)
+
+    def test_accept(self):
+        # tests that the accept headers are handled the proper way
+        app = TestApp(main({}))
+
+        # requesting the wrong accept header should return a 406 ...
+        response = app.get("/service2", headers={"Accept": "audio/*"}, status=406)
+
+        # ... with the list of accepted content-types
+        error_location = response.json["errors"][0]["location"]
+        error_name = response.json["errors"][0]["name"]
+        error_description = response.json["errors"][0]["description"]
+        self.assertEqual("header", error_location)
+        self.assertEqual("Accept", error_name)
+        self.assertIn("application/json", error_description)
+        self.assertIn("text/plain", error_description)
+
+        # requesting a supported type should give an appropriate response type
+        response = app.get("/service2", headers={"Accept": "application/*"})
+        self.assertEqual(response.content_type, "application/json")
+
+        response = app.get("/service2", headers={"Accept": "text/plain"})
+        self.assertEqual(response.content_type, "text/plain")
+
+        # it should also work with multiple Accept headers
+        response = app.get("/service2", headers={"Accept": "audio/*, application/*"})
+        self.assertEqual(response.content_type, "application/json")
+
+        # and requested preference order should be respected
+        headers = {"Accept": "application/json; q=1.0, text/plain; q=0.9"}
+        response = app.get("/service2", headers=headers)
+        self.assertEqual(response.content_type, "application/json")
+
+        headers = {"Accept": "application/json; q=0.9, text/plain; q=1.0"}
+        response = app.get("/service2", headers=headers)
+        self.assertEqual(response.content_type, "text/plain")
+
+        # test that using a callable to define what's accepted works as well
+        response = app.get("/service3", headers={"Accept": "audio/*"}, status=406)
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("application/json", error_description)
+
+        response = app.get("/service3", headers={"Accept": "text/*"})
+        self.assertEqual(response.content_type, "text/plain")
+
+        # Test that using a callable to define what's accepted works as well.
+        # Now, the callable returns a scalar instead of a list.
+        response = app.put("/service3", headers={"Accept": "audio/*"}, status=406)
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("application/json", error_description)
+
+        response = app.put("/service3", headers={"Accept": "text/*"})
+        self.assertEqual(response.content_type, "text/plain")
+
+        # If we are not asking for a particular content-type,
+        # we should get one of the two types that the service supports.
+        response = app.get("/service2")
+        self.assertIn(response.content_type, ("application/json", "text/plain"))
+
+    def test_accept_issue_113_text_star(self):
+        app = TestApp(main({}))
+
+        response = app.get("/service3", headers={"Accept": "text/*"})
+        self.assertEqual(response.content_type, "text/plain")
+
+    def test_accept_issue_113_text_application_star(self):
+        app = TestApp(main({}))
+
+        response = app.get("/service3", headers={"Accept": "application/*"})
+        self.assertEqual(response.content_type, "application/json")
+
+    def test_accept_issue_113_text_application_json(self):
+        app = TestApp(main({}))
+
+        response = app.get("/service3", headers={"Accept": "application/json"})
+        self.assertEqual(response.content_type, "application/json")
+
+    def test_accept_issue_113_text_html_not_acceptable(self):
+        app = TestApp(main({}))
+
+        # Requesting an unsupported content type should
+        # return HTTP response "406 Not Acceptable".
+        app.get("/service3", headers={"Accept": "text/html"}, status=406)
+
+    def test_accept_issue_113_audio_or_text(self):
+        app = TestApp(main({}))
+
+        response = app.get("/service2", headers={"Accept": "audio/mp4; q=0.9, text/plain; q=0.5"})
+        self.assertEqual(response.content_type, "text/plain")
+
+        # If we are not asking for a particular content-type,
+        # we should get one of the two types that the service supports.
+        response = app.get("/service2")
+        self.assertIn(response.content_type, ("application/json", "text/plain"))
+
+    def test_override_default_accept_issue_252(self):
+        # Override default acceptable content_types for interoperate with
+        # legacy applications i.e. ExtJS 3.
+        from kinto.core.cornice.renderer import CorniceRenderer
+
+        CorniceRenderer.acceptable += ("text/html",)
+
+        app = TestApp(main({}))
+
+        response = app.get("/service5", headers={"Accept": "text/html"})
+        self.assertEqual(response.content_type, "text/html")
+        # revert the override
+        CorniceRenderer.acceptable = CorniceRenderer.acceptable[:-1]
+
+    def test_multiple_querystrings(self):
+        app = TestApp(main({}))
+
+        # it is possible to have more than one value with the same name in the
+        # querystring
+        self.assertEqual(b'{"field": ["5"]}', app.get("/foobaz?field=5").body)
+        self.assertEqual(b'{"field": ["5", "2"]}', app.get("/foobaz?field=5&field=2").body)
+
+    def test_content_type_missing(self):
+        # test that a Content-Type request headers is present
+        app = TestApp(main({}))
+
+        # Requesting without a Content-Type header should
+        # return "415 Unsupported Media Type" ...
+        request = app.RequestClass.blank("/service5", method="POST", POST="some data")
+        response = app.do_request(request, 415, True)
+        self.assertEqual(response.status_code, 415)
+
+        # ... with an appropriate json error structure.
+        error_location = response.json["errors"][0]["location"]
+        error_name = response.json["errors"][0]["name"]
+        error_description = response.json["errors"][0]["description"]
+        self.assertEqual("header", error_location)
+        self.assertEqual("Content-Type", error_name)
+        self.assertIn("application/json", error_description)
+
+    def test_validated_body_content_from_schema(self):
+        app = TestApp(main({}))
+        content = {"email": "alexis@notmyidea.org"}
+        response = app.post_json("/newsletter", params=content)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json["body"], content)
+
+    def test_validated_querystring_content_from_schema(self):
+        app = TestApp(main({}))
+        response = app.post_json("/newsletter?ref=3")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json["querystring"], {"ref": 3})
+
+    def test_validated_querystring_and_schema_from_same_schema(self):
+        app = TestApp(main({}))
+        content = {"email": "alexis@notmyidea.org"}
+        response = app.post_json("/newsletter?ref=20", params=content)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json["body"], content)
+        self.assertEqual(response.json["querystring"], {"ref": 20})
+
+        response = app.post_json("/newsletter?ref=2", params=content, status=400)
+        self.assertEqual(response.status_code, 400)
+        error = {"location": "body", "name": "email", "description": "Invalid email length"}
+        self.assertEqual(response.json["errors"][0], error)
+
+    def test_validated_path_content_from_schema(self):
+        # Test validation request.matchdict.  (See #411)
+        app = TestApp(main({}))
+        response = app.get("/item/42", status=200)
+        self.assertEqual(response.json, {"item_id": 42})
+
+    def test_content_type_with_no_body_should_pass(self):
+        app = TestApp(main({}))
+
+        request = app.RequestClass.blank(
+            "/newsletter", method="POST", headers={"Content-Type": "application/json"}
+        )
+        response = app.do_request(request, 200, True)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json["body"], {})
+
+    def test_content_type_missing_with_no_body_should_pass(self):
+        app = TestApp(main({}))
+
+        # requesting without a Content-Type header nor a body should
+        # return a 200.
+        request = app.RequestClass.blank("/newsletter", method="POST")
+        response = app.do_request(request, 200, True)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json["body"], {})
+
+    def test_content_type_wrong_single(self):
+        # Tests that the Content-Type request header satisfies the requirement.
+        app = TestApp(main({}))
+
+        # Requesting the wrong Content-Type header should
+        # return "415 Unsupported Media Type" ...
+        response = app.post("/service5", headers={"Content-Type": "text/plain"}, status=415)
+
+        # ... with an appropriate json error structure.
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("application/json", error_description)
+
+    def test_content_type_wrong_multiple(self):
+        # Tests that the Content-Type request header satisfies the requirement.
+        app = TestApp(main({}))
+
+        # Requesting without a Content-Type header should
+        # return "415 Unsupported Media Type" ...
+        response = app.put("/service5", headers={"Content-Type": "text/xml"}, status=415)
+
+        # ... with an appropriate json error structure.
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("text/plain", error_description)
+        self.assertIn("application/json", error_description)
+
+    def test_content_type_correct(self):
+        # Tests that the Content-Type request header satisfies the requirement.
+        app = TestApp(main({}))
+
+        # Requesting with one of the allowed Content-Type headers should work,
+        # even when having a charset parameter as suffix.
+        response = app.put("/service5", headers={"Content-Type": "text/plain; charset=utf-8"})
+        self.assertEqual(response.json, "some response")
+
+    def test_content_type_on_get(self):
+        # Test that a Content-Type request header is not
+        # checked on GET requests, they don't usually have a body.
+        app = TestApp(main({}))
+        response = app.get("/service5")
+        self.assertEqual(response.json, "some response")
+
+    def test_content_type_with_callable(self):
+        # Test that using a callable for content_type works as well.
+        app = TestApp(main({}))
+        response = app.post("/service6", headers={"Content-Type": "audio/*"}, status=415)
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("text/xml", error_description)
+        self.assertIn("application/json", error_description)
+
+    def test_content_type_with_callable_returning_scalar(self):
+        # Test that using a callable for content_type works as well.
+        # Now, the callable returns a scalar instead of a list.
+        app = TestApp(main({}))
+        response = app.put("/service6", headers={"Content-Type": "audio/*"}, status=415)
+        error_description = response.json["errors"][0]["description"]
+        self.assertIn("text/xml", error_description)
+
+    def test_accept_and_content_type(self):
+        # Tests that using both the "Accept" and "Content-Type"
+        # request headers satisfy the requirement.
+        app = TestApp(main({}))
+
+        # POST endpoint just has one accept and content_type definition
+        response = app.post(
+            "/service7",
+            headers={
+                "Accept": "text/xml, application/json",
+                "Content-Type": "application/json; charset=utf-8",
+            },
+        )
+        self.assertEqual(response.json, "some response")
+
+        response = app.post(
+            "/service7",
+            headers={
+                "Accept": "text/plain, application/json",
+                "Content-Type": "application/json; charset=utf-8",
+            },
+            status=406,
+        )
+
+        response = app.post(
+            "/service7",
+            headers={
+                "Accept": "text/xml, application/json",
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            status=415,
+        )
+
+        # PUT endpoint has a list of accept and content_type definitions
+        response = app.put(
+            "/service7",
+            headers={
+                "Accept": "text/xml, application/json",
+                "Content-Type": "application/json; charset=utf-8",
+            },
+        )
+        self.assertEqual(response.json, "some response")
+
+        response = app.put(
+            "/service7",
+            headers={"Accept": "audio/*", "Content-Type": "application/json; charset=utf-8"},
+            status=406,
+        )
+
+        response = app.put(
+            "/service7",
+            headers={
+                "Accept": "text/xml, application/json",
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            status=415,
+        )
+
+
+class TestErrorMessageTranslationColander(TestCase):
+    def tearDown(self):
+        clear_services()
+        return super().tearDown()
+
+    def post(self, settings={}, headers={}):
+        app = TestApp(main({}, **settings))
+        return app.post_json(
+            "/foobar?yeah=test",
+            {
+                "foo": "hello",
+                "bar": "open",
+                "yeah": "man",
+                "ipsum": 10,
+            },
+            status=400,
+            headers=headers,
+        )
+
+    def assertErrorDescription(self, response, message):
+        error_description = response.json["errors"][0]["description"]
+        self.assertEqual(error_description, message)
+
+    def test_no_language_settings(self):
+        response = self.post()
+        self.assertErrorDescription(response, "10 is greater than maximum value 3")
+
+
+class TestValidatorEdgeCases(TestCase):
+    def test_no_schema(self):
+        request = DummyRequest()
+        request.validated = mock.sentinel.validated
+        colander_validator(request)
+        self.assertEqual(request.validated, mock.sentinel.validated)
+        self.assertEqual(len(request.errors), 0)
+
+    def _no_body_schema(self):
+        request = DummyRequest()
+        request.validated = mock.sentinel.validated
+        colander_validator(request)
+        self.assertEqual(request.validated, mock.sentinel.validated)
+        self.assertEqual(len(request.errors), 0)
+
+
+class TestExtractedJSONValueTypes(unittest.TestCase):
+    """Make sure that all JSON string values extracted from the request
+    are unicode when running using PY2.
+    """
+
+    def test_extracted_json_values(self):
+        """Extracted JSON values are unicode in PY2."""
+        body = b'{"foo": "bar", "currency": "\xe2\x82\xac"}'
+        request = Request.blank("/", body=body)
+        data = extract_cstruct(request)
+        self.assertEqual(type(data["body"]["foo"]), str)
+        self.assertEqual(type(data["body"]["currency"]), str)
+        self.assertEqual(data["body"]["currency"], "€")
diff --git a/tests/core/cornice/validationapp.py b/tests/core/cornice/validationapp.py
new file mode 100644
index 000000000..e153b0cb0
--- /dev/null
+++ b/tests/core/cornice/validationapp.py
@@ -0,0 +1,346 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import json
+
+from colander import (
+    Email,
+    Integer,
+    Invalid,
+    MappingSchema,
+    Range,
+    SchemaNode,
+    SequenceSchema,
+    String,
+    deferred,
+    drop,
+    null,
+)
+from pyramid.config import Configurator
+from pyramid.httpexceptions import HTTPBadRequest
+
+from kinto.core.cornice import Service
+from kinto.core.cornice.validators import colander_validator
+
+from .support import CatchErrors
+
+
+# Service for testing callback-based validators.
+service = Service(name="service", path="/service")
+
+
+def has_payed(request, **kw):
+    if "paid" not in request.GET:
+        request.errors.add("body", "paid", "You must pay!")
+
+
+def foo_int(request, **kw):
+    if "foo" not in request.GET:
+        return
+    try:
+        request.validated["foo"] = int(request.GET["foo"])
+    except ValueError:
+        request.errors.add("url", "foo", "Not an int")
+
+
+@service.get(validators=(has_payed, foo_int))
+def get1(request):
+    res = {"test": "succeeded"}
+    try:
+        res["foo"] = request.validated["foo"]
+    except KeyError:
+        pass
+
+    return res
+
+
+def _json(request, **kw):
+    """The request body should be a JSON object."""
+    try:
+        request.validated["json"] = json.loads(request.body.decode("utf-8"))
+    except ValueError:
+        request.errors.add("body", "json", "Not a json body")
+
+
+@service.post(validators=_json)
+def post1(request):
+    return {"body": request.body}
+
+
+# Service for testing the "accept" parameter (scalar and list).
+service2 = Service(name="service2", path="/service2")
+
+
+@service2.get(accept=("application/json"))
+@service2.get(accept=("text/plain"), renderer="string")
+def get2(request):
+    return {"body": "yay!"}
+
+
+# Service for testing the "accept" parameter (callable).
+service3 = Service(name="service3", path="/service3")
+
+
+@service3.get(accept=lambda request: ("application/json", "text/plain"))
+@service3.put(accept=lambda request: ("application/json", "text/plain"))
+def get3(request):
+    return {"body": "yay!"}
+
+
+service4 = Service(name="service4", path="/service4")
+
+
+def fail(request, **kw):
+    request.errors.add("body", "xml", "Not XML")
+
+
+def xml_error(request):
+    errors = request.errors
+    lines = ["<errors>"]
+    for error in errors:
+        lines.append(
+            "<error>"
+            "<location>%(location)s</location>"
+            "<type>%(name)s</type>"
+            "<message>%(description)s</message>"
+            "</error>" % error
+        )
+    lines.append("</errors>")
+    return HTTPBadRequest(body="".join(lines))
+
+
+@service4.post(validators=fail, error_handler=xml_error)
+def post4(request):
+    raise ValueError("Shouldn't get here")
+
+
+# Service for testing the "content_type" parameter (scalar and list).
+service5 = Service(name="service5", path="/service5")
+
+
+@service5.get()
+@service5.post(content_type="application/json")
+@service5.put(content_type=("text/plain", "application/json"))
+def post5(request):
+    return "some response"
+
+
+# Service for testing the "content_type" parameter (callable).
+service6 = Service(name="service6", path="/service6")
+
+
+@service6.post(content_type=lambda request: ("text/xml", "application/json"))
+@service6.put(content_type=lambda request: "text/xml")
+def post6(request):
+    return {"body": "yay!"}
+
+
+# Service for testing a mix of "accept" and "content_type" parameters.
+service7 = Service(name="service7", path="/service7")
+
+
+@service7.post(accept="text/xml", content_type="application/json")
+@service7.put(accept=("text/xml", "text/plain"), content_type=("application/json", "text/xml"))
+def post7(request):
+    return "some response"
+
+
+# services for colander validation
+signup = Service(name="signup", path="/signup")
+bound = Service(name="bound", path="/bound")
+group_signup = Service(name="group signup", path="/group_signup")
+body_group_signup = Service(name="body_group signup", path="/body_group_signup")
+body_signup = Service(name="body signup", path="/body_signup")
+foobar = Service(name="foobar", path="/foobar")
+foobaz = Service(name="foobaz", path="/foobaz")
+email_service = Service(name="newsletter", path="/newsletter")
+item_service = Service(name="item", path="/item/{item_id}")
+form_service = Service(name="form", path="/form")
+
+
+class SignupSchema(MappingSchema):
+    username = SchemaNode(String())
+
+
+@deferred
+def deferred_missing(node, kw):
+    import random
+
+    return kw.get("missing_foo") or random.random()
+
+
+class NeedsBindingSchema(MappingSchema):
+    somefield = SchemaNode(String(), missing=deferred_missing)
+
+
+def rebinding_validator(request, **kwargs):
+    kwargs["schema"] = NeedsBindingSchema().bind()
+    return colander_validator(request, **kwargs)
+
+
+@bound.post(schema=NeedsBindingSchema().bind(), validators=(rebinding_validator,))
+def bound_post(request):
+    return request.validated
+
+
+@bound.post(
+    schema=NeedsBindingSchema().bind(missing_foo=-10),
+    validators=(colander_validator,),
+    header="X-foo",
+)
+def bound_post_with_override(request):
+    return request.validated
+
+
+@signup.post(schema=SignupSchema(), validators=(colander_validator,))
+def signup_post(request):
+    return request.validated
+
+
+class GroupSignupSchema(SequenceSchema):
+    user = SignupSchema()
+
+
+@group_signup.post(schema=GroupSignupSchema(), validators=(colander_validator,))
+def group_signup_post(request):
+    return {"data": request.validated}
+
+
+class BodyGroupSignupSchema(MappingSchema):
+    body = GroupSignupSchema()
+
+
+@body_group_signup.post(schema=BodyGroupSignupSchema(), validators=(colander_validator,))
+def body_group_signup_post(request):
+    return {"data": request.validated["body"]}
+
+
+class BodySignupSchema(MappingSchema):
+    body = SignupSchema()
+
+
+@body_signup.post(schema=BodySignupSchema(), validators=(colander_validator,))
+def body_signup_post(request):
+    return {"data": request.validated}
+
+
+def validate_bar(node, value, **kwargs):
+    if value != "open":
+        raise Invalid(node, "The bar is not open.")
+
+
+class Integers(SequenceSchema):
+    integer = SchemaNode(Integer(), type="int")
+
+
+class BodySchema(MappingSchema):
+    # foo and bar are required, baz is optional
+    foo = SchemaNode(String())
+    bar = SchemaNode(String(), validator=validate_bar)
+    baz = SchemaNode(String(), missing=None)
+    ipsum = SchemaNode(Integer(), missing=1, validator=Range(0, 3))
+    integers = Integers(missing=())
+
+
+class Query(MappingSchema):
+    yeah = SchemaNode(String(), type="str")
+
+
+class RequestSchema(MappingSchema):
+    body = BodySchema()
+    querystring = Query()
+
+    def deserialize(self, cstruct):
+        if "body" in cstruct and cstruct["body"] == b"hello,open,yeah":
+            values = cstruct["body"].decode().split(",")
+            cstruct["body"] = dict(zip(["foo", "bar", "yeah"], values))
+
+        return MappingSchema.deserialize(self, cstruct)
+
+
+@foobar.post(schema=RequestSchema(), validators=(colander_validator,))
+def foobar_post(request):
+    return {"test": "succeeded"}
+
+
+class StringSequence(SequenceSchema):
+    _ = SchemaNode(String())
+
+
+class ListQuerystringSequence(MappingSchema):
+    field = StringSequence()
+
+    def deserialize(self, cstruct):
+        if "field" in cstruct and not isinstance(cstruct["field"], list):
+            cstruct["field"] = [cstruct["field"]]
+        return MappingSchema.deserialize(self, cstruct)
+
+
+class QSSchema(MappingSchema):
+    querystring = ListQuerystringSequence()
+
+
+@foobaz.get(schema=QSSchema(), validators=(colander_validator,))
+def foobaz_get(request):
+    return {"field": request.validated["querystring"]["field"]}
+
+
+class NewsletterSchema(MappingSchema):
+    email = SchemaNode(String(), validator=Email(), missing=drop)
+
+
+class RefererSchema(MappingSchema):
+    ref = SchemaNode(Integer(), missing=drop)
+
+
+class NewsletterPayload(MappingSchema):
+    body = NewsletterSchema()
+    querystring = RefererSchema()
+
+    def deserialize(self, cstruct=null):
+        appstruct = super(NewsletterPayload, self).deserialize(cstruct)
+        email = appstruct["body"].get("email")
+        ref = appstruct["querystring"].get("ref")
+        if email and ref and len(email) != ref:
+            body_node, _ = self.children
+            exc = Invalid(body_node)
+            exc["email"] = "Invalid email length"
+            raise exc
+        return appstruct
+
+
+@email_service.post(schema=NewsletterPayload(), validators=(colander_validator,))
+def newsletter(request):
+    return request.validated
+
+
+class ItemPathSchema(MappingSchema):
+    item_id = SchemaNode(Integer())
+
+
+class ItemSchema(MappingSchema):
+    path = ItemPathSchema()
+
+
+@item_service.get(schema=ItemSchema(), validators=(colander_validator,))
+def item(request):
+    return request.validated["path"]
+
+
+class FormSchema(MappingSchema):
+    field1 = SchemaNode(String())
+    field2 = SchemaNode(String())
+
+
+@form_service.post(schema=FormSchema(), validators=(colander_validator,))
+def form(request):
+    return request.validated
+
+
+def main(global_config, **settings):
+    config = Configurator(settings=settings)
+    config.include("kinto.core.cornice")
+    config.scan("tests.core.cornice.validationapp")
+    # used for simulating pyramid session object access in validators
+    config.add_request_method(lambda x: "secret", "get_csrf")
+    return CatchErrors(config.make_wsgi_app())
diff --git a/tests/core/cornice_swagger/__init__.py b/tests/core/cornice_swagger/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/core/cornice_swagger/converters/__init__.py b/tests/core/cornice_swagger/converters/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/core/cornice_swagger/converters/test_parameters.py b/tests/core/cornice_swagger/converters/test_parameters.py
new file mode 100644
index 000000000..e5f12c234
--- /dev/null
+++ b/tests/core/cornice_swagger/converters/test_parameters.py
@@ -0,0 +1,115 @@
+import unittest
+
+import colander
+
+from kinto.core.cornice_swagger.converters import convert_parameter, convert_schema
+from kinto.core.cornice_swagger.converters.exceptions import NoSuchConverter
+
+
+class ParameterConversionTest(unittest.TestCase):
+    def test_path(self):
+        node = colander.SchemaNode(colander.String(), name="foo")
+        ret = convert_parameter("path", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "path",
+                "name": "foo",
+                "type": "string",
+                "required": True,
+            },
+        )
+
+    def test_query(self):
+        node = colander.SchemaNode(colander.String(), name="bar")
+        ret = convert_parameter("querystring", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "query",
+                "name": "bar",
+                "type": "string",
+                "required": True,
+            },
+        )
+
+    def test_query_array(self):
+        class MyArray(colander.SequenceSchema):
+            values = colander.SchemaNode(colander.String())
+
+        node = MyArray(name="bar")
+        ret = convert_parameter("querystring", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "query",
+                "name": "bar",
+                "type": "array",
+                "items": {"type": "string"},
+                "required": True,
+            },
+        )
+
+    def test_header(self):
+        node = colander.SchemaNode(colander.String(), name="meh")
+        ret = convert_parameter("headers", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "header",
+                "name": "meh",
+                "type": "string",
+                "required": True,
+            },
+        )
+
+    def test_body_array(self):
+        class MyArray(colander.SequenceSchema):
+            values = colander.SchemaNode(colander.String())
+
+        node = MyArray(name="bla")
+        ret = convert_parameter("body", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "body",
+                "name": "bla",
+                "required": True,
+                "schema": convert_schema(MyArray(title="MyArray")),
+            },
+        )
+
+    def test_body(self):
+        class MyBody(colander.MappingSchema):
+            foo = colander.SchemaNode(colander.String())
+            bar = colander.SchemaNode(colander.String())
+
+        node = MyBody(name="bla")
+        ret = convert_parameter("body", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "body",
+                "name": "bla",
+                "required": True,
+                "schema": convert_schema(MyBody(title="MyBody")),
+            },
+        )
+
+    def test_supports_description(self):
+        node = colander.SchemaNode(colander.String(), name="bar", description="tyred")
+        ret = convert_parameter("querystring", node)
+        self.assertDictEqual(
+            ret,
+            {
+                "in": "query",
+                "name": "bar",
+                "type": "string",
+                "required": True,
+                "description": "tyred",
+            },
+        )
+
+    def test_raise_no_such_converter_on_invalid_location(self):
+        node = colander.SchemaNode(colander.String(), name="foo")
+        self.assertRaises(NoSuchConverter, convert_parameter, "aaa", node)
diff --git a/tests/core/cornice_swagger/converters/test_schema.py b/tests/core/cornice_swagger/converters/test_schema.py
new file mode 100644
index 000000000..e35c990c7
--- /dev/null
+++ b/tests/core/cornice_swagger/converters/test_schema.py
@@ -0,0 +1,337 @@
+import unittest
+
+import colander
+
+from kinto.core.cornice_swagger.converters import TypeConversionDispatcher
+from kinto.core.cornice_swagger.converters import convert_schema as convert
+from kinto.core.cornice_swagger.converters.exceptions import NoSuchConverter
+
+from ..support import AnyType, AnyTypeConverter
+
+
+class ConversionTest(unittest.TestCase):
+    def test_validate_all(self):
+        node = colander.SchemaNode(
+            colander.String(),
+            validator=colander.All(colander.Length(12, 42), colander.Regex(r"foo*bar")),
+        )
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "pattern": "foo*bar",
+                "maxLength": 42,
+                "minLength": 12,
+            },
+        )
+
+    def test_support_custom_converters(self):
+        node = colander.SchemaNode(AnyType())
+        custom_converters = {AnyType: AnyTypeConverter}
+        converter = TypeConversionDispatcher(custom_converters)
+        ret = converter(node)
+        self.assertEqual(ret, {})
+
+    def test_support_default_converter(self):
+        node = colander.SchemaNode(AnyType())
+        converter = TypeConversionDispatcher(default_converter=AnyTypeConverter)
+        ret = converter(node)
+        self.assertEqual(ret, {})
+
+    def test_raise_no_such_converter_on_invalid_type(self):
+        node = colander.SchemaNode(dict)
+        self.assertRaises(NoSuchConverter, convert, node)
+
+
+class StringConversionTest(unittest.TestCase):
+    def test_sanity(self):
+        node = colander.SchemaNode(colander.String())
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+            },
+        )
+
+    def test_validate_default(self):
+        node = colander.SchemaNode(colander.String(), missing="foo")
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "default": "foo",
+            },
+        )
+
+    def test_validate_length(self):
+        node = colander.SchemaNode(colander.String(), validator=colander.Length(12, 42))
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "maxLength": 42,
+                "minLength": 12,
+            },
+        )
+
+    def test_validate_regex(self):
+        node = colander.SchemaNode(colander.String(), validator=colander.Regex(r"foo*bar"))
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "pattern": "foo*bar",
+            },
+        )
+
+    def test_validate_regex_email(self):
+        node = colander.SchemaNode(colander.String(), validator=colander.Email())
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "format": "email",
+            },
+        )
+
+    def test_validate_regex_url(self):
+        node = colander.SchemaNode(colander.String(), validator=colander.url)
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "format": "url",
+            },
+        )
+
+    def test_validate_oneof(self):
+        node = colander.SchemaNode(colander.String(), validator=colander.OneOf(["one", "two"]))
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "enum": ["one", "two"],
+            },
+        )
+
+    def test_title(self):
+        node = colander.SchemaNode(colander.String(), title="foo")
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "title": "foo",
+            },
+        )
+
+    def test_description(self):
+        node = colander.SchemaNode(colander.String(), description="bar")
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "description": "bar",
+            },
+        )
+
+
+class IntegerConversionTest(unittest.TestCase):
+    def test_sanity(self):
+        node = colander.SchemaNode(colander.Integer())
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "integer",
+            },
+        )
+
+    def test_default(self):
+        node = colander.SchemaNode(colander.Integer(), missing=1)
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "integer",
+                "default": 1,
+            },
+        )
+
+    def test_enum(self):
+        node = colander.SchemaNode(colander.Integer(), validator=colander.OneOf([1, 2, 3, 4]))
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "integer",
+                "enum": [1, 2, 3, 4],
+            },
+        )
+
+    def test_range(self):
+        node = colander.SchemaNode(colander.Integer(), validator=colander.Range(111, 555))
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "integer",
+                "minimum": 111,
+                "maximum": 555,
+            },
+        )
+
+
+class DateTimeConversionTest(unittest.TestCase):
+    def test_sanity(self):
+        node = colander.SchemaNode(colander.DateTime())
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "string",
+                "format": "date-time",
+            },
+        )
+
+
+class MappingConversionTest(unittest.TestCase):
+    def test_sanity(self):
+        node = colander.MappingSchema()
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "object",
+            },
+        )
+
+    def test_required(self):
+        class Mapping(colander.MappingSchema):
+            foo = colander.SchemaNode(colander.String())
+
+        node = Mapping()
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "object",
+                "properties": {"foo": {"title": "Foo", "type": "string"}},
+                "required": ["foo"],
+            },
+        )
+
+    def test_not_required(self):
+        class Mapping(colander.MappingSchema):
+            foo = colander.SchemaNode(colander.String(), missing=colander.drop)
+
+        node = Mapping()
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "object",
+                "properties": {"foo": {"title": "Foo", "type": "string"}},
+            },
+        )
+
+    def test_nested_schema(self):
+        class BaseMapping(colander.MappingSchema):
+            foo = colander.SchemaNode(colander.String(), missing=colander.drop)
+
+        class TopMapping(colander.MappingSchema):
+            bar = BaseMapping(missing=colander.drop)
+
+        node = TopMapping()
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "object",
+                "properties": {
+                    "bar": {
+                        "title": "Bar",
+                        "type": "object",
+                        "properties": {"foo": {"title": "Foo", "type": "string"}},
+                    }
+                },
+            },
+        )
+
+    def test_open_schema(self):
+        class Mapping(colander.MappingSchema):
+            foo = colander.SchemaNode(colander.String(), missing=colander.drop)
+
+            @staticmethod
+            def schema_type():
+                return colander.Mapping(unknown="preserve")
+
+        node = Mapping()
+        ret = convert(node)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "object",
+                "properties": {"foo": {"title": "Foo", "type": "string"}},
+                "additionalProperties": {},
+            },
+        )
+
+
+class SequenceConversionTest(unittest.TestCase):
+    def primitive_sequence_test(self):
+        class Integers(colander.SequenceSchema):
+            num = colander.SchemaNode(colander.Integer())
+
+        ret = convert(Integers)
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "array",
+                "items": {
+                    "type": "integer",
+                },
+            },
+        )
+
+    def mapping_sequence_test(self):
+        class BaseMapping(colander.MappingSchema):
+            name = colander.SchemaNode(colander.String())
+            number = colander.SchemaNode(colander.Integer())
+
+        class BaseMappings(colander.SequenceSchema):
+            base_mapping = BaseMapping()
+
+        schema = BaseMappings()
+        ret = convert(schema)
+
+        self.assertDictEqual(
+            ret,
+            {
+                "type": "array",
+                "items": {
+                    "type": "object",
+                    "properties": {
+                        "name": {
+                            "type": "string",
+                            "title": "Name",
+                        },
+                        "number": {
+                            "type": "integer",
+                            "title": "Number",
+                        },
+                    },
+                    "required": ["name", "number"],
+                    "title": "Base Mapping",
+                },
+            },
+        )
diff --git a/tests/core/cornice_swagger/support.py b/tests/core/cornice_swagger/support.py
new file mode 100644
index 000000000..2c92ddbcb
--- /dev/null
+++ b/tests/core/cornice_swagger/support.py
@@ -0,0 +1,73 @@
+import colander
+
+from kinto.core.cornice_swagger.converters.schema import TypeConverter
+
+
+class MyNestedSchema(colander.MappingSchema):
+    my_precious = colander.SchemaNode(colander.Boolean())
+
+
+class BodySchema(colander.MappingSchema):
+    id = colander.SchemaNode(colander.String())
+    timestamp = colander.SchemaNode(colander.Int())
+    obj = MyNestedSchema()
+    ex = colander.SchemaNode(colander.String(), missing=colander.drop, example="example string")
+
+
+class QuerySchema(colander.MappingSchema):
+    foo = colander.SchemaNode(
+        colander.String(), validator=colander.Length(3), missing=colander.drop
+    )
+
+
+class HeaderSchema(colander.MappingSchema):
+    bar = colander.SchemaNode(colander.String(), missing=colander.drop)
+
+
+class PathSchema(colander.MappingSchema):
+    meh = colander.SchemaNode(colander.String(), default="default")
+
+
+class GetRequestSchema(colander.MappingSchema):
+    querystring = QuerySchema()
+
+
+class PutRequestSchema(colander.MappingSchema):
+    body = BodySchema()
+    querystring = QuerySchema()
+    header = HeaderSchema()
+
+
+class ResponseSchema(colander.MappingSchema):
+    body = BodySchema()
+    header = HeaderSchema()
+
+
+response_schemas = {
+    "200": ResponseSchema(description="Return ice cream"),
+    "404": ResponseSchema(description="Return sadness"),
+}
+
+
+class DeclarativeSchema(colander.MappingSchema):
+    @colander.instantiate(description="my body")
+    class body(colander.MappingSchema):
+        id = colander.SchemaNode(colander.String())
+
+
+class AnotherDeclarativeSchema(colander.MappingSchema):
+    @colander.instantiate(description="my another body")
+    class body(colander.MappingSchema):
+        timestamp = colander.SchemaNode(colander.Int())
+
+
+class AnyType(colander.SchemaType):
+    """A simple custom colander type."""
+
+    def deserialize(self, cstruct=colander.null):
+        return cstruct
+
+
+class AnyTypeConverter(TypeConverter):
+    def __call__(self, schema_node):
+        return {}
diff --git a/tests/core/cornice_swagger/test_app.py b/tests/core/cornice_swagger/test_app.py
new file mode 100644
index 000000000..c9a7463e9
--- /dev/null
+++ b/tests/core/cornice_swagger/test_app.py
@@ -0,0 +1,93 @@
+import unittest
+
+import webtest
+from flex.core import validate
+from pyramid import testing
+
+from kinto.core.cornice import Service
+from kinto.core.cornice.service import clear_services, get_services
+from kinto.core.cornice.validators import colander_validator
+from kinto.core.cornice_swagger import CorniceSwagger
+
+from .support import GetRequestSchema, PutRequestSchema, response_schemas
+
+
+class AppTest(unittest.TestCase):
+    def tearDown(self):
+        clear_services()
+        testing.tearDown()
+
+    def setUp(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get(
+            validators=(colander_validator,),
+            schema=GetRequestSchema(),
+            response_schemas=response_schemas,
+        )
+        def view_get(request):
+            """Serve icecream"""
+            return request.validated
+
+        @service.put(validators=(colander_validator,), schema=PutRequestSchema())
+        def view_put(request):
+            """Add flavour"""
+            return request.validated
+
+        api_service = Service("OpenAPI", "/api")
+
+        @api_service.get()
+        def api_get(request):
+            swagger = CorniceSwagger([service, api_service])
+            return swagger.generate("IceCreamAPI", "4.2")
+
+        self.config = testing.setUp()
+        self.config.add_route("ice_test", "/ice_test/{flavour}")
+        self.config.include("kinto.core.cornice")
+        self.config.include("kinto.core.cornice_swagger")
+        self.config.add_cornice_service(service)
+        self.config.add_cornice_service(api_service)
+        self.app = webtest.TestApp(self.config.make_wsgi_app())
+
+    def test_app_get(self):
+        self.app.get("/icecream/strawberry")
+
+    def test_app_put(self):
+        body = {"id": "chocolate", "timestamp": 123, "obj": {"my_precious": True}}
+        headers = {"bar": "foo"}
+        self.app.put_json("/icecream/chocolate", body, headers=headers)
+
+    def test_validate_spec(self):
+        spec = self.app.get("/api").json
+        validate(spec)
+
+
+class AppGoodRoutesTest(unittest.TestCase):
+    def tearDown(self):
+        clear_services()
+        testing.tearDown()
+
+    def setUp(self):
+        service = Service("Ice Route", pyramid_route="ice_test")
+
+        @service.get()
+        def view_get(request):
+            """Serve icecream"""
+            return request.validated
+
+        self.config = testing.setUp()
+        self.config.add_route("ice_test", "/ice_test/{flavour}")
+        self.config.include("kinto.core.cornice")
+        self.config.include("kinto.core.cornice_swagger")
+        self.config.add_cornice_service(service)
+        self.app = webtest.TestApp(self.config.make_wsgi_app())
+
+    def test_route_explicit_registry(self):
+        swagger = CorniceSwagger(get_services(), pyramid_registry=self.config.registry)
+        spec = swagger.generate("IceCreamAPI", "4.2")
+        self.assertIn("/ice_test/{flavour}", spec["paths"])
+
+    def test_route_fallback_registry(self):
+        swagger = CorniceSwagger(get_services())
+        spec = swagger.generate("IceCreamAPI", "4.2")
+        self.assertIn("/ice_test/{flavour}", spec["paths"])
diff --git a/tests/core/cornice_swagger/test_definition_handler.py b/tests/core/cornice_swagger/test_definition_handler.py
new file mode 100644
index 000000000..7c0337bb3
--- /dev/null
+++ b/tests/core/cornice_swagger/test_definition_handler.py
@@ -0,0 +1,45 @@
+import unittest
+
+import colander
+
+from kinto.core.cornice_swagger.converters import convert_schema as convert
+from kinto.core.cornice_swagger.swagger import DefinitionHandler
+
+
+class MyListSchema(colander.SequenceSchema):
+    entry = colander.SchemaNode(colander.String())
+
+
+class BoredoomSchema(colander.MappingSchema):
+    motivators = MyListSchema()
+    status = colander.SchemaNode(
+        colander.String(), validator=colander.OneOf(["increasing", "decrasing"])
+    )
+
+
+class AnxietySchema(colander.MappingSchema):
+    level = colander.SchemaNode(colander.Integer(), validator=colander.Range(42, 9000))
+
+
+class FeelingsSchema(colander.MappingSchema):
+    bleh = BoredoomSchema()
+    aaaa = AnxietySchema()
+
+
+class DefinitionTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = DefinitionHandler()
+
+    def test_from_schema(self):
+        self.assertDictEqual(self.handler.from_schema(FeelingsSchema()), convert(FeelingsSchema()))
+
+
+class RefDefinitionTest(unittest.TestCase):
+    def test_single_level(self):
+        handler = DefinitionHandler(ref=1)
+        ref = handler.from_schema(FeelingsSchema(title="Feelings"))
+
+        self.assertEqual(ref, {"$ref": "#/definitions/Feelings"})
+        self.assertDictEqual(
+            handler.definition_registry["Feelings"], convert(FeelingsSchema(title="Feelings"))
+        )
diff --git a/tests/core/cornice_swagger/test_parameter_handler.py b/tests/core/cornice_swagger/test_parameter_handler.py
new file mode 100644
index 000000000..d53b70d0c
--- /dev/null
+++ b/tests/core/cornice_swagger/test_parameter_handler.py
@@ -0,0 +1,203 @@
+import unittest
+
+import colander
+
+from kinto.core.cornice_swagger.converters import convert_schema
+from kinto.core.cornice_swagger.swagger import DefinitionHandler, ParameterHandler
+
+from .support import (
+    AnotherDeclarativeSchema,
+    BodySchema,
+    DeclarativeSchema,
+    HeaderSchema,
+    PathSchema,
+    QuerySchema,
+)
+
+
+class SchemaParamConversionTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = ParameterHandler()
+
+    def test_sanity(self):
+        node = colander.MappingSchema()
+        params = self.handler.from_schema(node)
+        self.assertEqual(params, [])
+
+    def test_covert_body_with_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            body = BodySchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+        self.assertEqual(len(params), 1)
+
+        expected = {
+            "name": "BodySchema",
+            "in": "body",
+            "required": True,
+            "schema": convert_schema(BodySchema(title="BodySchema")),
+        }
+
+        self.assertDictEqual(params[0], expected)
+
+    def test_covert_query_with_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            querystring = QuerySchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+        self.assertEqual(len(params), 1)
+
+        expected = {
+            "name": "foo",
+            "in": "query",
+            "type": "string",
+            "required": False,
+            "minLength": 3,
+        }
+        self.assertDictEqual(params[0], expected)
+
+    def test_covert_headers_with_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            headers = HeaderSchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+        self.assertEqual(len(params), 1)
+
+        expected = {
+            "name": "bar",
+            "in": "header",
+            "type": "string",
+            "required": False,
+        }
+        self.assertDictEqual(params[0], expected)
+
+    def test_covert_path_with_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            path = PathSchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+        self.assertEqual(len(params), 1)
+
+        expected = {
+            "name": "meh",
+            "in": "path",
+            "type": "string",
+            "required": True,
+            "default": "default",
+        }
+        self.assertDictEqual(params[0], expected)
+
+    def test_convert_multiple_with_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            body = BodySchema()
+            path = PathSchema()
+            querystring = QuerySchema()
+            headers = HeaderSchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+
+        names = [param["name"] for param in params]
+        expected = ["BodySchema", "foo", "bar", "meh"]
+        self.assertEqual(sorted(names), sorted(expected))
+
+    def test_convert_descriptions(self):
+        class RequestSchema(colander.MappingSchema):
+            body = BodySchema(description="my body")
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+
+        expected = {
+            "name": "BodySchema",
+            "in": "body",
+            "required": True,
+            "description": "my body",
+            "schema": convert_schema(BodySchema(title="BodySchema", description="my body")),
+        }
+
+        self.assertDictEqual(params[0], expected)
+
+    def test_declarative_schema_handling(self):
+        handler = ParameterHandler(DefinitionHandler(ref=-1))
+        params = handler.from_schema(DeclarativeSchema())
+        another_params = handler.from_schema(AnotherDeclarativeSchema())
+
+        self.assertNotEqual(params[0]["schema"], another_params[0]["schema"])
+
+    def test_cornice_location_synonyms(self):
+        class RequestSchema(colander.MappingSchema):
+            header = HeaderSchema()
+            GET = QuerySchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+
+        names = [param["name"] for param in params]
+        expected = ["foo", "bar"]
+        self.assertEqual(sorted(names), sorted(expected))
+
+
+class PathParamConversionTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = ParameterHandler()
+
+    def test_from_path(self):
+        params = self.handler.from_path("/my/{param}/path/{id}")
+        names = [param["name"] for param in params]
+        expected = ["param", "id"]
+        self.assertEqual(sorted(names), sorted(expected))
+        for param in params:
+            self.assertEqual(param["in"], "path")
+
+    def test_handles_path_regex(self):
+        params = self.handler.from_path("/my/{param:\\d+}/path/{id:[a-z]{8,42}}")
+        named_params = {param["name"]: param for param in params}
+        expected = ["param", "id"]
+        self.assertEqual(sorted(named_params), sorted(expected))
+        self.assertEqual(named_params["param"]["pattern"], "\\d+")
+        self.assertEqual(named_params["id"]["pattern"], "[a-z]{8,42}")
+
+
+class RefParamTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = ParameterHandler(ref=1)
+        self.handler.parameters = {}
+
+    def test_ref_from_path(self):
+        params = self.handler.from_path("/path/{id}")
+        expected = {
+            "name": "id",
+            "in": "path",
+            "type": "string",
+            "required": True,
+        }
+
+        self.assertEqual(params, [{"$ref": "#/parameters/id"}])
+        self.assertDictEqual(self.handler.parameter_registry, dict(id=expected))
+
+    def test_ref_from_declarative_validator_schema(self):
+        params = self.handler.from_schema(DeclarativeSchema())
+        self.assertEqual([{"$ref": "#/parameters/DeclarativeSchemaBody"}], params)
+
+    def test_ref_from_request_validator_schema(self):
+        class RequestSchema(colander.MappingSchema):
+            querystring = QuerySchema()
+
+        node = RequestSchema()
+        params = self.handler.from_schema(node)
+
+        expected = {
+            "name": "foo",
+            "in": "query",
+            "type": "string",
+            "required": False,
+            "minLength": 3,
+        }
+
+        self.assertEqual(params, [{"$ref": "#/parameters/foo"}])
+        self.assertDictEqual(self.handler.parameter_registry, dict(foo=expected))
diff --git a/tests/core/cornice_swagger/test_response_handler.py b/tests/core/cornice_swagger/test_response_handler.py
new file mode 100644
index 000000000..24bc857a1
--- /dev/null
+++ b/tests/core/cornice_swagger/test_response_handler.py
@@ -0,0 +1,94 @@
+import unittest
+
+import colander
+
+from kinto.core.cornice_swagger.converters import convert_schema
+from kinto.core.cornice_swagger.swagger import CorniceSwaggerException, ResponseHandler
+
+from .support import (
+    AnotherDeclarativeSchema,
+    BodySchema,
+    DeclarativeSchema,
+    HeaderSchema,
+    ResponseSchema,
+    response_schemas,
+)
+
+
+class SchemaResponseConversionTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = ResponseHandler()
+
+    def test_sanity(self):
+        self.handler.from_schema_mapping(response_schemas)
+
+    def test_status_codes(self):
+        responses = self.handler.from_schema_mapping(response_schemas)
+        self.assertIn("200", responses)
+        self.assertIn("404", responses)
+        self.assertEqual(responses["200"]["description"], "Return ice cream")
+        self.assertEqual(responses["404"]["description"], "Return sadness")
+
+    def test_response_schema(self):
+        responses = self.handler.from_schema_mapping(response_schemas)
+        self.assertDictEqual(
+            responses["200"]["schema"], convert_schema(BodySchema(title="BodySchema"))
+        )
+        self.assertDictEqual(responses["200"]["headers"], {"bar": {"type": "string"}})
+
+    def test_response_schema_with_example(self):
+        class ResponseSchema(colander.MappingSchema):
+            body = BodySchema()
+
+        response_schemas = {"200": ResponseSchema(description="Return gelatto")}
+        responses = self.handler.from_schema_mapping(response_schemas)
+        self.assertTrue("ex" in responses["200"]["schema"]["properties"])
+        self.assertTrue("example" in responses["200"]["schema"]["properties"]["ex"])
+        self.assertEqual(
+            responses["200"]["schema"]["properties"]["ex"]["example"], "example string"
+        )
+
+    def test_cornice_location_synonyms(self):
+        class ResponseSchema(colander.MappingSchema):
+            header = HeaderSchema()
+
+        response_schemas = {"200": ResponseSchema(description="Return gelatto")}
+        responses = self.handler.from_schema_mapping(response_schemas)
+
+        self.assertDictEqual(responses["200"]["headers"], {"bar": {"type": "string"}})
+
+    def test_raise_exception_without_description(self):
+        response_schemas = {"200": ResponseSchema()}
+
+        self.assertRaises(
+            CorniceSwaggerException, self.handler.from_schema_mapping, response_schemas
+        )
+
+
+class RefResponseTest(unittest.TestCase):
+    def setUp(self):
+        self.handler = ResponseHandler(ref=1)
+        self.handler.responses = {}
+
+    def test_from_schema_mapping(self):
+        responses = self.handler.from_schema_mapping(response_schemas)
+        expected = {
+            "200": {"$ref": "#/responses/ResponseSchema"},
+            "404": {"$ref": "#/responses/ResponseSchema"},
+        }
+        self.assertEqual(expected, responses)
+        ref = self.handler.response_registry["ResponseSchema"]
+        self.assertDictEqual(ref["schema"], convert_schema(BodySchema(title="BodySchema")))
+        self.assertDictEqual(ref["headers"], {"bar": {"type": "string"}})
+
+    def test_declarative_response_schemas(self):
+        self.handler.from_schema_mapping({"200": DeclarativeSchema(description="response schema")})
+
+        self.handler.from_schema_mapping(
+            {"200": AnotherDeclarativeSchema(description="response schema")}
+        )
+
+        ref = self.handler.response_registry["DeclarativeSchema"]
+        another_ref = self.handler.response_registry["AnotherDeclarativeSchema"]
+
+        self.assertNotEqual(ref["schema"]["title"], another_ref["schema"]["title"])
diff --git a/tests/core/cornice_swagger/test_swagger.py b/tests/core/cornice_swagger/test_swagger.py
new file mode 100644
index 000000000..62fd42c6e
--- /dev/null
+++ b/tests/core/cornice_swagger/test_swagger.py
@@ -0,0 +1,541 @@
+import unittest
+
+from flex.core import validate
+
+from kinto.core.cornice.service import Service
+from kinto.core.cornice.validators import colander_validator
+from kinto.core.cornice_swagger.swagger import CorniceSwagger, CorniceSwaggerException
+
+from .support import GetRequestSchema, PutRequestSchema, response_schemas
+
+
+class CorniceSwaggerGeneratorTest(unittest.TestCase):
+    def setUp(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(
+                validators=(colander_validator,),
+                schema=GetRequestSchema(),
+                response_schemas=response_schemas,
+            )
+            def view_get(self, request):
+                """Serve ice cream"""
+                return self.request.validated
+
+            @service.put(validators=(colander_validator,), schema=PutRequestSchema())
+            def view_put(self, request):
+                """Add flavour"""
+                return self.request.validated
+
+        self.service = service
+        CorniceSwagger.services = [self.service]
+        CorniceSwagger.api_title = "IceCreamAPI"
+        CorniceSwagger.api_version = "4.2"
+        self.swagger = CorniceSwagger()
+        self.spec = self.swagger.generate()
+        validate(self.spec)
+
+    def test_path(self):
+        self.assertIn("/icecream/{flavour}", self.spec["paths"])
+
+    def test_path_methods(self):
+        path = self.spec["paths"]["/icecream/{flavour}"]
+        self.assertIn("get", path)
+        self.assertIn("put", path)
+
+    def test_path_parameters(self):
+        parameters = self.spec["paths"]["/icecream/{flavour}"]["parameters"]
+        self.assertEqual(len(parameters), 1)
+        self.assertEqual(parameters[0]["name"], "flavour")
+
+    def test_summary_docstrings(self):
+        self.swagger.summary_docstrings = True
+        self.spec = self.swagger.generate()
+        validate(self.spec)
+        summary = self.spec["paths"]["/icecream/{flavour}"]["get"]["summary"]
+        self.assertEqual(summary, "Serve ice cream")
+
+    def test_summary_docstrings_with_klass(self):
+        class TemperatureCooler(object):
+            def put_view(self):
+                """Put it."""
+                pass
+
+        service = Service("TemperatureCooler", "/freshair", klass=TemperatureCooler)
+        service.add_view("put", "put_view")
+        CorniceSwagger.services = [service]
+        self.swagger = CorniceSwagger()
+        self.spec = self.swagger.generate()
+        validate(self.spec)
+
+    def test_with_schema_ref(self):
+        swagger = CorniceSwagger([self.service], def_ref_depth=1)
+        spec = swagger.generate()
+        validate(spec)
+        self.assertIn("definitions", spec)
+
+    def test_with_param_ref(self):
+        swagger = CorniceSwagger([self.service], param_ref=True)
+        spec = swagger.generate()
+        validate(spec)
+        self.assertIn("parameters", spec)
+
+    def test_with_resp_ref(self):
+        swagger = CorniceSwagger([self.service], resp_ref=True)
+        spec = swagger.generate()
+        validate(spec)
+        self.assertIn("responses", spec)
+
+    def test_swagger_field_updates_extracted_paths(self):
+        self.swagger.swagger = {"definitions": {"OtherDef": {"additionalProperties": {}}}}
+        spec = self.swagger.generate()
+        validate(spec)
+        self.assertEqual(spec["definitions"], self.swagger.swagger["definitions"])
+
+
+class ExtractContentTypesTest(unittest.TestCase):
+    def test_default_renderer(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["get"]["produces"], ["application/json"]
+        )
+
+    def test_json_renderer(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(renderer="json")
+            def view_get(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["get"]["produces"], ["application/json"]
+        )
+
+    def test_xml_renderer(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(renderer="xml")
+            def view_get(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(spec["paths"]["/icecream/{flavour}"]["get"]["produces"], ["text/xml"])
+
+    def test_unkown_renderer(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(renderer="")
+            def view_get(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertNotIn("produces", spec["paths"]["/icecream/{flavour}"]["get"])
+
+    def test_single_ctype(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.put(content_type="application/json")
+            def view_put(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["put"]["consumes"], ["application/json"]
+        )
+
+    def test_no_ctype_no_list_with_none(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.put()
+            def view_put(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertNotIn("consumes", spec["paths"]["/icecream/{flavour}"]["put"])
+
+    def test_multiple_ctypes(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.put(content_type=("application/json", "text/xml"))
+            def view_put(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["put"]["consumes"],
+            ["application/json", "text/xml"],
+        )
+
+    def test_single_ctype_callable(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        def my_ctype_callable(request):
+            return "application/octet-stream"
+
+        class IceCream(object):
+            @service.put(content_type=my_ctype_callable)
+            def view_put(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(spec["paths"]["/icecream/{flavour}"]["put"]["consumes"], [])
+
+    def test_mixed_ctype_string_and_callable(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        def my_ctype_callable(request):
+            return "application/octet-stream"
+
+        def my_ctype_callable_2(request):
+            return "image/png"
+
+        class IceCream(object):
+            @service.put(
+                content_type=(
+                    my_ctype_callable,
+                    "application/json",
+                    my_ctype_callable_2,
+                    "image/jpeg",
+                )
+            )
+            def view_put(self, request):
+                return self.request.validated
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["put"]["consumes"],
+            ["application/json", "image/jpeg"],
+        )
+
+    def test_ignore_multiple_views_by_ctype(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            def view_put(self, request):
+                return "red"
+
+        service.add_view(
+            "put",
+            IceCream.view_put,
+            validators=(colander_validator,),
+            schema=PutRequestSchema(),
+            content_type="application/json",
+        )
+        service.add_view(
+            "put",
+            IceCream.view_put,
+            validators=(colander_validator,),
+            schema=PutRequestSchema(),
+            content_type="text/xml",
+        )
+
+        swagger = CorniceSwagger([service])
+        swagger.ignore_ctypes = ["text/xml"]
+        spec = swagger.generate()
+        self.assertEqual(
+            spec["paths"]["/icecream/{flavour}"]["put"]["consumes"], ["application/json"]
+        )
+
+    def test_multiple_views_with_different_ctypes_raises_exception(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            def view_put(self, request):
+                return "red"
+
+        service.add_view(
+            "put",
+            IceCream.view_put,
+            validators=(colander_validator,),
+            schema=PutRequestSchema(),
+            content_type="application/json",
+        )
+        service.add_view(
+            "put",
+            IceCream.view_put,
+            validators=(colander_validator,),
+            schema=PutRequestSchema(),
+            content_type="text/xml",
+        )
+
+        swagger = CorniceSwagger([service])
+        self.assertRaises(CorniceSwaggerException, swagger.generate)
+
+
+class ExtractPathTest(unittest.TestCase):
+    def test_handles_subpaths_as_parameters(self):
+        service = Service("IceCream", "/icecream/*subpath")
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return self.request
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        expected = {"name": "subpath", "required": True, "type": "string", "in": "path"}
+        self.assertDictEqual(spec["paths"]["/icecream/{subpath}"]["parameters"][0], expected)
+
+
+class ExtractTagsTest(unittest.TestCase):
+    def test_service_defined_tags(self):
+        service = Service("IceCream", "/icecream/{flavour}", tags=["yum"])
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        validate(spec)
+        tags = spec["paths"]["/icecream/{flavour}"]["get"]["tags"]
+        self.assertEqual(tags, ["yum"])
+
+    def test_view_defined_tags(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(tags=["cold", "foo"])
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        validate(spec)
+        tags = spec["paths"]["/icecream/{flavour}"]["get"]["tags"]
+        self.assertEqual(tags, ["cold", "foo"])
+
+    def test_both_defined_tags(self):
+        service = Service("IceCream", "/icecream/{flavour}", tags=["yum"])
+
+        class IceCream(object):
+            @service.get(tags=["cold", "foo"])
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        validate(spec)
+        tags = spec["paths"]["/icecream/{flavour}"]["get"]["tags"]
+        self.assertEqual(tags, ["yum", "cold", "foo"])
+
+    def test_listed_default_tags(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        swagger.default_tags = ["cold"]
+        spec = swagger.generate()
+        validate(spec)
+        tags = spec["paths"]["/icecream/{flavour}"]["get"]["tags"]
+        self.assertEqual(tags, ["cold"])
+
+    def test_callable_default_tags(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return service
+
+        def default_tag_callable(service, method):
+            return ["cold"]
+
+        swagger = CorniceSwagger([service])
+        swagger.default_tags = default_tag_callable
+        spec = swagger.generate()
+        validate(spec)
+        tags = spec["paths"]["/icecream/{flavour}"]["get"]["tags"]
+        self.assertEqual(tags, ["cold"])
+
+    def test_provided_tags_override_sorting(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(tags=["cold", "foo"])
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        tags = [{"name": "foo", "description": "bar"}]
+        swagger.swagger = {"tags": tags}
+        spec = swagger.generate()
+        validate(spec)
+        self.assertListEqual(
+            [{"name": "foo", "description": "bar"}, {"name": "cold"}], spec["tags"]
+        )
+
+    def test_invalid_view_tag_raises_exception(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(tags="cold")
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        self.assertRaises(CorniceSwaggerException, swagger.generate)
+
+    def test_invalid_service_tag_raises_exception(self):
+        service = Service("IceCream", "/icecream/{flavour}", tags="cold")
+
+        class IceCream(object):
+            @service.get()
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        self.assertRaises(CorniceSwaggerException, swagger.generate)
+
+
+class ExtractOperationIdTest(unittest.TestCase):
+    def test_view_defined_operation_id(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get(operation_id="serve_icecream")
+        def view_get(self, request):
+            return service
+
+        swagger = CorniceSwagger([service])
+        spec = swagger.generate()
+        validate(spec)
+        op_id = spec["paths"]["/icecream/{flavour}"]["get"]["operationId"]
+        self.assertEqual(op_id, "serve_icecream")
+
+    def test_default_operation_ids(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get()
+        def view_get(self, request):
+            return service
+
+        @service.put()
+        def view_put(self, request):
+            return service
+
+        def op_id_generator(service, method):
+            return "%s_%s" % (method.lower(), service.path.split("/")[-2])
+
+        swagger = CorniceSwagger([service])
+        swagger.default_op_ids = op_id_generator
+        spec = swagger.generate()
+        validate(spec)
+        op_id = spec["paths"]["/icecream/{flavour}"]["get"]["operationId"]
+        self.assertEqual(op_id, "get_icecream")
+        op_id = spec["paths"]["/icecream/{flavour}"]["put"]["operationId"]
+        self.assertEqual(op_id, "put_icecream")
+
+    def test_invalid_default_opid_raises_exception(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get()
+        def view_get(self, request):
+            return service
+
+        swagger = CorniceSwagger([service])
+        swagger.default_op_ids = "foo"
+        self.assertRaises(CorniceSwaggerException, swagger.generate)
+
+
+class ExtractSecurityTest(unittest.TestCase):
+    def test_view_defined_security(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get(api_security=[{"basicAuth": []}])
+        def view_get(self, request):
+            return service
+
+        swagger = CorniceSwagger([service])
+        swagger.swagger = {"securityDefinitions": {"basicAuth": {"type": "basic"}}}
+        spec = swagger.generate()
+        validate(spec)
+        security = spec["paths"]["/icecream/{flavour}"]["get"]["security"]
+        self.assertEqual(security, [{"basicAuth": []}])
+
+    def test_listed_default_security(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get()
+        def view_get(self, request):
+            return service
+
+        swagger = CorniceSwagger([service])
+        swagger.swagger = {"securityDefinitions": {"basicAuth": {"type": "basic"}}}
+        swagger.default_security = [{"basicAuth": []}]
+        spec = swagger.generate()
+        validate(spec)
+        security = spec["paths"]["/icecream/{flavour}"]["get"]["security"]
+        self.assertEqual(security, [{"basicAuth": []}])
+
+    def test_callable_default_security(self):
+        def get_security(service, method):
+            definitions = service.definitions
+            for definition in definitions:
+                met, view, args = definition
+                if met == method:
+                    break
+
+            if "security" in args:
+                return [{"basicAuth": []}]
+            else:
+                return []
+
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        @service.get()
+        def view_get(self, request):
+            return service
+
+        @service.post(security="foo")
+        def view_post(self, request):
+            return service
+
+        swagger = CorniceSwagger([service])
+        swagger.swagger = {"securityDefinitions": {"basicAuth": {"type": "basic"}}}
+        swagger.default_security = get_security
+        spec = swagger.generate()
+        validate(spec)
+        security = spec["paths"]["/icecream/{flavour}"]["post"]["security"]
+        self.assertEqual(security, [{"basicAuth": []}])
+        security = spec["paths"]["/icecream/{flavour}"]["get"]["security"]
+        self.assertEqual(security, [])
+
+    def test_invalid_security_raises_exception(self):
+        service = Service("IceCream", "/icecream/{flavour}")
+
+        class IceCream(object):
+            @service.get(api_security="basicAuth")
+            def view_get(self, request):
+                return service
+
+        swagger = CorniceSwagger([service])
+        self.assertRaises(CorniceSwaggerException, swagger.generate)
diff --git a/tests/core/test_openapi.py b/tests/core/test_openapi.py
index 30df86d8c..9cad8308a 100644
--- a/tests/core/test_openapi.py
+++ b/tests/core/test_openapi.py
@@ -1,13 +1,18 @@
 import unittest
 from unittest import mock
 
-from kinto.core.cornice.service import get_services
+from kinto.core.cornice.service import clear_services, get_services
 from kinto.core.openapi import OpenAPI
 
 from .support import BaseWebTest
 
 
 class OpenAPITest(BaseWebTest, unittest.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        clear_services()
+        super().setUpClass()
+
     def setUp(self):
         super(OpenAPITest, self).setUp()
         self.request = mock.MagicMock()