A Flask extension adding a decorator for CORS support
Project description
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
Installation
Install the extension with using pip, or easy_install.
$ pip install flask-cors
Usage
This extension enables CORS support either via a decorator, or a Flask extension. There are three examples shown in the examples directory, showing the major use cases. The suggested configuration is the simple_example.py, or the app_example.py.
Simple Usage
In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS on all routes.
app = Flask(__name__)
cors = CORS(app)
@app.route("/")
def helloWorld():
return "Hello, cross-origin-world!"
Resource specific CORS
Alternatively, a list of resources and associated settings for CORS can be supplied, selectively enables CORS support on a set of paths on your app.
Note: this resources parameter can also be set in your application’s config.
app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
@app.route("/api/v1/users")
def list_users():
return "user example"
Route specific CORS via decorator
This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask’s @app.route(..) incanation to accept the default options and allow CORS on a given route.
@app.route("/")
@cross_origin() # allow all origins all methods.
def helloWorld():
return "Hello, cross-origin-world!"
Using JSON with CORS
When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header. The simplest way to do this is to simply set the CORS_HEADERS configuration value on your application: e.g.
app.config['CORS_HEADERS'] = 'Content-Type'
Application-wide settings
Alternatively, you can set all parameters except automatic_options in an app’s config object. Setting these at the application level effectively changes the default value for your application, while still allowing you to override it on a per-resource basis, either via the CORSEnabler and regular expressions, or via the @cross_origin() decorator.
The application-wide configuration options are creatively prefixed with CORS_ e.g. * CORS_ORIGINS * CORS_METHODS * CORS_HEADERS * CORS_EXPOSE_HEADERS * CORS_ALWAYS_SEND * CORS_MAX_AGE * CORS_SEND_WILDCARD * CORS_ALWAYS_SEND
For a full list of options, please see the full documentation
Tests
A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.
Contributing
Questions, comments or improvements? Please create an issue on Github, tweet at [@wcdolphin](https://twitter.com/wcdolphin) or send me an email.
Credits
This Flask extension is based upon the [Decorator for the HTTP Access Control](http://flask.pocoo.org/snippets/56/) written by Armin Ronacher.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for Flask_Cors-1.7.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 672d2c16ce358f0962f693697b60fc6b1ca41c8c54ad94830b3b0b82c6ceb7a7 |
|
MD5 | be2f7e698789f0e971127ccb09438218 |
|
BLAKE2b-256 | d9445fe2d02588f17f7a906d934c99198d5f3e79a745aa38877abbc2bf60d35b |
Hashes for Flask_Cors-1.7.0-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 689a4b147752eb0004327c27f3a7e2ba0c80ba6de84a59d28265b1a5a920f654 |
|
MD5 | 5d5156074acd97bb1cccf6fab3700f9c |
|
BLAKE2b-256 | da3411a3afc88121abcc305b0a7d8d7d4b5eeeaafe80e1b3fc89eb5bfe4cdb58 |