Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python, Flask: How to set response header for all responses

I want to set all of my http headers responses to something like this:

response.headers["X-Frame-Options"] = "SAMEORIGIN" 

I checked this question, but it only changes the header for one specific controller. I want to change all of my headers maybe in "before_request" function similar to the following logic. How can I do that?

@app.before_request def before_request():     # response.headers["X-Frame-Options"] = "SAMEORIGIN" 
like image 814
Saeid Avatar asked Jun 08 '15 19:06

Saeid


People also ask

How do you set response headers in Flask?

To set response headers in Flask and Python, we set the headers property of the response object. to call make_response to create response object that returns a string response. Finally, we return the resp object in the home route.

How do you set a response header?

Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.

How do I see all response headers?

To view the request or response HTTP headers in Google Chrome, take the following steps : In Chrome, visit a URL, right click , select Inspect to open the developer tools. Select Network tab. Reload the page, select any HTTP request on the left panel, and the HTTP headers will be displayed on the right panel.

Can response have headers?

A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age , Location or Server are used to give a more detailed context of the response.


2 Answers

Set the header in a @app.after_request() hook, at which point you have a response object to set the header on:

@app.after_request def apply_caching(response):     response.headers["X-Frame-Options"] = "SAMEORIGIN"     return response 

The flask.request context is still available when this hook runs, so you can still vary the response based on the request at this time.

like image 97
Martijn Pieters Avatar answered Sep 21 '22 18:09

Martijn Pieters


The @app.after_request() hook was not adequate for my use case.

My use case is as follows: I have a google cloud function, and I want to set the CORS headers for all responses. There are possibly multiple responses, as I have to validate the input and return if there are issues with it, I have to process data and possibly return early if something fails etc. So I've created a helper function as follows:

# Helper function to return a response with status code and CORS headers def prepare_response(res_object, status_code):     response = flask.jsonify(res_object)     response.headers.set('Access-Control-Allow-Origin', '*')     response.headers.set('Access-Control-Allow-Methods', 'GET, POST')     return response, status_code 

Thus, when I want to return a response (always with CORS headers), I can now call this function and I do not duplicate the response.headers setup necessary to enable CORS.

like image 30
Rafael Marques Avatar answered Sep 19 '22 18:09

Rafael Marques