skip to navigation
skip to content

Not Logged In

Flask-Cors 1.4.0

A Flask extension adding a decorator for CORS support

Latest Version: 1.10.3

Flask-CORS is a simple extension to Flask allowing you to support cross origin resource sharing (CORS) using a simple decorator.

Installation

Install the extension with using pip, or easy_install.

$ pip install flask-cors

Usage

This extension exposes a simple decorator to decorate flask routes with. Simply add @cross_origin() below a call to Flask’s @app.route(..) incanation to accept the default options and allow CORS on a given route.

Simple Usage

@app.route("/")
@cross_origin() # allow all origins all methods.
def helloWorld():
  return "Hello, cross-origin-world!"

Using JSON with Cross Origin

When using JSON cross origin, browsers will issue a pre-flight OPTIONS request for POST requests. In order for browsers to allow POST requests with a JSON content type, you must allow the Content-Type header.

@app.route("/user/create", methods=['GET','POST'])
@cross_origin(headers=['Content-Type']) # Send Access-Control-Allow-Headers
def cross_origin_json_post():
  return jsonify(success=True)

Application-wide settings

Alternatively, setting your application’s CORS_ORIGINS or CORS_HEADERS configuration property will effectively change the default value for your application, while still allowing you to override it on a per-resource basis:

app.config['CORS_ORIGINS'] = ['https://foo.com', 'http://www.bar.com']
app.config['CORS_HEADERS'] = ['Content-Type']

# Will return CORS headers for origins 'https://foo.com'and 'http://www.bar.com'
# and an Access-Control-Allow-Headers of 'Content-Type'
"""
Will return CORS headers for origins 'https://foo.com'and
'http://www.bar.com' and an Access-Control-Allow-Headers of 'Content-Type'
E.G. Testing with httpie
    ➜  ~  http GET http://127.0.0.1:5000/
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: https://foo.com, http://www.bar.com
    Content-Length: 26
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:53 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, cross-origin-world!
"""
@app.route("/")
@cross_origin()
def helloWorld():
  return "Hello, cross-origin-world!"


"""
Will return CORS headers for 'google.com' and  Access-Control-Allow-Headers of
'Content-Type'.
E.G. Testing with httpie
     ➜  ~  http GET http://127.0.0.1:5000/special
    HTTP/1.0 200 OK
    Access-Control-Allow-Headers: Content-Type
    Access-Control-Allow-Origin: http://google.com
    Content-Length: 33
    Content-Type: text/html; charset=utf-8
    Date: Tue, 22 Jul 2014 23:55:29 GMT
    Server: Werkzeug/0.9.4 Python/2.7.8

    Hello, google-cross-origin-world!
"""
@app.route("/special")
@cross_origin(origins="http://google.com")
def helloGoogle():
  return "Hello, google-cross-origin-world!"

For a full list of options, please see the full documentation

Tests

A simple set of tests is included in test.py. To run, install nose, and simply invoke nosetests or run python test.py or python setup.py test to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on Github, tweet at [@wcdolphin](https://twitter.com/wcdolphin) or send me an email.

 
File Type Py Version Uploaded on Size
Flask-Cors-1.4.0.tar.gz (md5) Source 2014-07-23 10KB
  • Downloads (All Versions):
  • 708 downloads in the last day
  • 4480 downloads in the last week
  • 9692 downloads in the last month