Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Flask-cors wrapper not working when jwt auth wrapper is applied.

Tags:

python

authentication

cross-domain

flask

I'm trying to build a api site using Flask, and I am using Flask-jwt to provide token authorization.
The authorizaiton works fine if I do CORS in Apache ( using mod_headers to add Allow-Access headers, like this

Header set Access-Control-Allow-Origin "*"

However, I want to have more detailed access control instead of just using wildcard. and I looked at flask-cors, which is a nice wrapper to check origin and send the header. And now my route looks like this (and no header manipulation in apache settings)

@app.route('/protected/place')
@cross_origin(headers=['Content-Type']) # Send Access-Control-Allow-Headers
@jwt_required()
def my_view_func():
    do something

But now I will not get the Access-Control headers response from the server if I make the http request from javascript. (However, if I manually post, like doing curl, i can still see the cross origin plugin working and the Access control headers)

When I remove the @jwt_required wrapper, the cross_origin wrapper functions fine and it will give me response. when the jwt_required wrapper is applied, no response can be seen from the server.

I'm debugging my client page with chrome. BTW

I tried to change the order of the wrappers, but it doesn't help.

Is it possible that, if the authentication fails, the cross_origin wrapper will not send the Access Control headers?

the source code of the two wrappers :
flask-jwt:
https://github.com/mattupstate/flask-jwt/blob/master/flask_jwt/init.py
flask-cors:
https://github.com/wcdolphin/flask-cors/blob/master/flask_cors.py

like image 761
Yang Hu Avatar asked Jul 18 '14 14:07

Yang Hu

1 Answers

After struggling for many hours, I finally found the problem. Hope it helps others who encouter the same problem.
Just need to include Authorization in "headers" argument (which sets the Access-Control-Allow-Headers field) when authentication is needed.
Like this

@app.route('/protected/place') 
@cross_origin(headers=['Content-Type','Authorization']) # Send Access-Control-Allow-Headers 
@jwt_required() 
def my_view_func(): 
    do something
like image 90
Yang Hu Avatar answered Oct 24 '22 09:10

Yang Hu
Sign in to Comment

Related questions

What is the use of super(ClassName,self)._init_() [duplicate]
GtkTreeView with multiple columns and GtkListStore with single custom type (in Python)
Python: can't invoke parent class destructor with super()
Python - throw exception if division has remainder?
Celery Tasks Not Being Processed
Run Python module with absolute path
python matplotlib legend shows first entry of a list only
Appending multiple returned values to different lists in Python
Specify the sort-order for an Enum field type
Why can't we call a Twisted deferred twice?
Vectorize Forward Euler method for system of differential equations
Can Mayavi render a figure scene with a transparent background?
Where can I see the list of built-in wavelet functions that I can pass to scipy.signal.cwt?
Add argparse arguments from external modules
Is a Python requests Session object shared between gevent greenlets, thread-safe (between greenlets)?
Python Numerical Integration for Volume of Region
Python Tornado - Asynchronous Request is blocking
How do I convert a csv file to xlsb using Python?
Why does Django name 2 folders the project name?
Changing style of PDF-Latex output through IPython Notebook conversion

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!