Skip to main content

A Flask extension adding a decorator for CORS support

Project description

Build Status Latest Version Downloads Supported Python versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

Installation

Install the extension with using pip, or easy_install.

$ pip install flask-cors

Usage

This extension exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask’s @app.route(..) incanation to accept the default options and allow CORS on a given route.

Simple Usage

@app.route("/")
@cross_origin() # allow all origins all methods.
def helloWorld():
  return "Hello, cross-origin-world!"

Using JSON with Cross Origin

When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header.

@app.route("/user/create", methods=['GET','POST'])
@cross_origin(headers=['Content-Type']) # Send Access-Control-Allow-Headers
def cross_origin_json_post():
  return jsonify(success=True)

Application-wide settings

Alternatively, you can set any of these options in an app’s config object. Setting these at the application level effectively changes the default value for your application, while still allowing you to override it on a per-resource basis.

The application-wide configuration options are creatively prefixed with CORS_ e.g. * CORS_ORIGINS * CORS_METHODS * CORS_HEADERS * CORS_EXPOSE_HEADERS * CORS_ALWAYS_SEND * CORS_MAX_AGE * CORS_SEND_WILDCARD * CORS_ALWAYS_SEND * CORS_AUTOMATIC_OPTIONS

app.config['CORS_ORIGINS'] = ['https://foo.com', 'http://www.bar.com']
app.config['CORS_HEADERS'] = ['Content-Type']

# Will return CORS headers for origins 'https://foo.com'and 'http://www.bar.com'
# and an Access-Control-Allow-Headers of 'Content-Type'
"""
Will return CORS headers for origins 'https://foo.com'and
'http://www.bar.com' and an Access-Control-Allow-Headers of 'Content-Type'
E.G. Testing with httpie
    ➜  ~  http GET http://127.0.0.1:5000/
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: https://foo.com, http://www.bar.com
    Content-Length: 26
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:53 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, cross-origin-world!
"""
@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"


"""
Will return CORS headers for 'google.com' and  Access-Control-Allow-Headers of
'Content-Type'.
E.G. Testing with httpie
     ➜  ~  http GET http://127.0.0.1:5000/special
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: http://google.com
    Content-Length: 33
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:29 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, google-cross-origin-world!
"""
@app.route("/special")
@cross_origin(origins="http://google.com")
def helloGoogle():
  return "Hello, google-cross-origin-world!"

For a full list of options, please see the full documentation

Tests

A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on Github, tweet at [@wcdolphin](https://twitter.com/wcdolphin) or send me an email.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Flask-Cors-1.6.1.tar.gz (13.3 kB view details)

Uploaded Source

Built Distributions

Flask_Cors-1.6.1-py3-none-any.whl (8.7 kB view details)

Uploaded Python 3

Flask_Cors-1.6.1-py2-none-any.whl (8.7 kB view details)

Uploaded Python 2

File details

Details for the file Flask-Cors-1.6.1.tar.gz.

File metadata

  • Download URL: Flask-Cors-1.6.1.tar.gz
  • Upload date:
  • Size: 13.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for Flask-Cors-1.6.1.tar.gz
Algorithm Hash digest
SHA256 24ae9e068d92963116ef3854e105b9840f42ddd759c1da836c2b86a3fb510736
MD5 5fa8db164cd2d57e8ce3d16d25170bc1
BLAKE2b-256 3c9f2eeccb028cfe2b24803b2d7209525687835648f6d9accd787cddae797e77

See more details on using hashes here.

File details

Details for the file Flask_Cors-1.6.1-py3-none-any.whl.

File metadata

File hashes

Hashes for Flask_Cors-1.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 0e35df804736687e43c91770af097cfc3f0d3cd3168f947947648c8ba40bd440
MD5 c8391129493da1125e9d539aa3f197e2
BLAKE2b-256 5821289bf60134d20fc1771882dd5442c8deb92e6861cae76eaefea7b095f635

See more details on using hashes here.

File details

Details for the file Flask_Cors-1.6.1-py2-none-any.whl.

File metadata

File hashes

Hashes for Flask_Cors-1.6.1-py2-none-any.whl
Algorithm Hash digest
SHA256 c77070196bcd6f76f40ad39e7f22cff3bbb28ba5064a35b350963edd2b3de967
MD5 4a921c0b55a59b442b34f3f1059b9c91
BLAKE2b-256 5511580371924d72595d3918b4c0cfa0723b3304163ec7da15fa740865485858

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page