A Flask extension adding a decorator for CORS support
Project description
A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
Installation
Install the extension with using pip, or easy_install.
$ pip install flask-cors
Usage
This extension enables CORS support either via a decorator, or a Flask extension. There are three examples shown in the examples directory, showing the major use cases. The suggested configuration is the simple_example.py, or the app_example.py.
Simple Usage
In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS on all routes.
app = Flask(__name__)
cors = CORS(app)
@app.route("/")
def helloWorld():
return "Hello, cross-origin-world!"
Resource specific CORS
Alternatively, a list of resources and associated settings for CORS can be supplied, selectively enables CORS support on a set of paths on your app.
Note: this resources parameter can also be set in your application’s config.
app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
@app.route("/api/v1/users")
def list_users():
return "user example"
Route specific CORS via decorator
This extension also exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask’s @app.route(..) incanation to accept the default options and allow CORS on a given route.
@app.route("/")
@cross_origin() # allow all origins all methods.
def helloWorld():
return "Hello, cross-origin-world!"
Using JSON with CORS
When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header. The simplest way to do this is to simply set the CORS_HEADERS configuration value on your application: e.g.
app.config['CORS_HEADERS'] = 'Content-Type'
Application-wide settings
Alternatively, you can set all parameters except automatic_options in an app’s config object. Setting these at the application level effectively changes the default value for your application, while still allowing you to override it on a per-resource basis, either via the CORS and regular expressions, or via the @cross_origin() decorator.
The application-wide configuration options are creatively prefixed with ‘CORS_’ e.g.
CORS_ORIGINS
CORS_METHODS
CORS_HEADERS
CORS_EXPOSE_HEADERS
CORS_ALWAYS_SEND
CORS_MAX_AGE
CORS_SEND_WILDCARD
CORS_ALWAYS_SEND
For a full list of options, please see the full documentation
Tests
A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.
Contributing
Questions, comments or improvements? Please create an issue on Github, tweet at @wcdolphin or send me an email.
Credits
This Flask extension is based upon the Decorator for the HTTP Access Control written by Armin Ronacher.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for Flask_Cors-1.7.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 66a464ab4966099930ce01ecf5b7e96dad7671f13e2a980e28400757aa2fbd99 |
|
MD5 | b11d3f379a5568825b18a8369d4a99ce |
|
BLAKE2b-256 | 5e04d5ec1d666589ed822aab1e13119648cf7420959d41bcb210bcfdf3dd43dd |
Hashes for Flask_Cors-1.7.2-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 108654e24e720c5efe35fd67230286ae0069afe1e785d39dc12f759aeb938ad1 |
|
MD5 | bc94088e1f9446b1b71926e8302c3ac0 |
|
BLAKE2b-256 | 680972a8d525d08b8f071379b63faac31aa799827404cae0ca81d38ba259ed80 |