A Flask extension adding a decorator for CORS support

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Cory Dolphin

Maintainers

Avatar for corydolphin from gravatar.com corydolphin Avatar for wcdolphin from gravatar.com wcdolphin

Classifiers

Project description

Build Status Latest Version Downloads Supported Python versions License

A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.

Installation

Install the extension with using pip, or easy_install.

$ pip install flask-cors

Usage

This extension exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask’s @app.route(..) incanation to accept the default options and allow CORS on a given route.

Simple Usage

@app.route("/")
@cross_origin() # allow all origins all methods.
def helloWorld():
  return "Hello, cross-origin-world!"

Using JSON with Cross Origin

When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header.

@app.route("/user/create", methods=['GET','POST'])
@cross_origin(headers=['Content-Type']) # Send Access-Control-Allow-Headers
def cross_origin_json_post():
  return jsonify(success=True)

Application-wide settings

Alternatively, you can set any of these options in an app’s config object. Setting these at the application level effectively changes the default value for your application, while still allowing you to override it on a per-resource basis.

The application-wide configuration options are creatively prefixed with CORS_ e.g. * CORS_ORIGINS * CORS_METHODS * CORS_HEADERS * CORS_EXPOSE_HEADERS * CORS_ALWAYS_SEND * CORS_MAX_AGE * CORS_SEND_WILDCARD * CORS_ALWAYS_SEND * CORS_AUTOMATIC_OPTIONS

app.config['CORS_ORIGINS'] = ['https://foo.com', 'http://www.bar.com']
app.config['CORS_HEADERS'] = ['Content-Type']

# Will return CORS headers for origins 'https://foo.com'and 'http://www.bar.com'
# and an Access-Control-Allow-Headers of 'Content-Type'
"""
Will return CORS headers for origins 'https://foo.com'and
'http://www.bar.com' and an Access-Control-Allow-Headers of 'Content-Type'
E.G. Testing with httpie
    ➜  ~  http GET http://127.0.0.1:5000/
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: https://foo.com, http://www.bar.com
    Content-Length: 26
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:53 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, cross-origin-world!
"""
@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"


"""
Will return CORS headers for 'google.com' and  Access-Control-Allow-Headers of
'Content-Type'.
E.G. Testing with httpie
     ➜  ~  http GET http://127.0.0.1:5000/special
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: http://google.com
    Content-Length: 33
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:29 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, google-cross-origin-world!
"""
@app.route("/special")
@cross_origin(origins="http://google.com")
def helloGoogle():
  return "Hello, google-cross-origin-world!"

For a full list of options, please see the full documentation

Tests

A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on Github, tweet at [@wcdolphin](https://twitter.com/wcdolphin) or send me an email.

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: Cory Dolphin

Maintainers

Avatar for corydolphin from gravatar.com corydolphin Avatar for wcdolphin from gravatar.com wcdolphin

Classifiers


Release history Release notifications | RSS feed

3.0.8

3.0.7

3.0.6

3.0.4

3.0.3

3.0.2

3.0.1

3.0.0

2.1.3

2.1.2

2.1.1

2.1.0

2.0.1

2.0.0

2.0.0rc1 pre-release

1.10.3

1.10.2

1.10.1

1.10.0

1.9.0

1.8.1

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

This version

1.6.1

1.6.0

1.5.0

1.4.0

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1

1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for Flask-Cors, version 1.6.1
Filename, size File type Python version Upload date Hashes
Filename, size Flask_Cors-1.6.1-py2-none-any.whl (8.7 kB) File type Wheel Python version 2.6 Upload date Hashes View
Filename, size Flask_Cors-1.6.1-py3-none-any.whl (8.7 kB) File type Wheel Python version 3.3 Upload date Hashes View
Filename, size Flask-Cors-1.6.1.tar.gz (13.3 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page