I've developed a small write-only REST api with Flask Restful that accepts PUT request from a handful of clients that can potentially have changing IP addresses. My clients are embedded Chromium clients running an AngularJS front-end; they authenticate with my API with a simple magic key -- it's sufficient for my very limited scale.
I'm testing deploying my API now and I notice that the Angular clients are attempting to send an OPTIONS http methods to my Flask service. My API meanwhile is replying with a 404 (since I didn't write an OPTIONS handler yet, only a PUT handler). It seems that when sending cross-domain requests that are not POST or GET, Angular will send a pre-flight OPTIONS method at the server to make sure the cross-domain request is accepted before it sends the actual request. Is that right?
Anyway, how do I allow all cross-domain PUT requests to Flask Restful API? I've used cross-domaion decorators with a (non-restful) Flask instance before, but do I need to write an OPTIONS handler as well into my API?
Flask automatically process OPTIONS requests. To get access for cross domain request you API must have Access-Control-Allow-Origin header. It can contain specific domains, but if you want allow requests from any domains you can set it to Access-Control-Allow-Origin: * .
In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in the documentation. from flask import Flask from flask_cors import CORS app = Flask(__name__) CORS(app) @app.
Being lightweight, easy to adopt, well-documented, and popular, Flask is a good option for developing RESTful APIs.
With the Flask-CORS module, you can do cross-domain requests without changing your code.
from flask.ext.cors import CORS app = Flask(__name__) cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
As Eric suggested, the flask.ext.cors
module is now deprecated, you should rather use the following code:
from flask_cors import CORS app = Flask(__name__) cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
You can use the after_request hook:
@app.after_request def after_request(response): response.headers.add('Access-Control-Allow-Origin', '*') response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization') response.headers.add('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE') return response
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With