
Specify domains for Flask-CORS

Tags: python, cors, flask

I have a Python script serving as a web API, and many domains will call it to get the data they want. To make this workable I need to enable CORS. I read through the Flask documentation but did not find a way to specify multiple domains to allow CORS for.

Here is the code snippet that enables CORS:

from flask_cors import cross_origin

@app.route("/")
@cross_origin()
def index():  # view function the two decorators apply to
    return "data"

The above snippet enables CORS for all domains. I want to restrict this to a specific list of domains. All I want to know is how I can specify this list. Here is what I am trying to do:

@cross_origin(["www.domain1.com, www.domain2.com"])
asked Feb 06 '23 11:02

D Deshmane


1 Answer

From the documentation of CORS: http://flask-cors.corydolphin.com/en/latest/api.html?highlight=origin#flask_cors.cross_origin

flask_cors.cross_origin(*args, **kwargs)

The origin, or list of origins to allow requests from. The origin(s) may be regular expressions, case-sensitive strings, or else an asterisk

So, here you need to give a list of strings, like:

cross_origin(["http://www.domain1.com", "http://www.domain2.com"]) 

Notice here that you were giving all the domains in a single string, but you needed to provide a list. Also notice that you provide a Fully Qualified Domain Name (FQDN) as per RFC 6454 and the W3C Recommendation.

You can also do something like this:

from flask_cors import CORS

cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

Here we're allowing every path in our app which starts with /api. Depending on your requirement, you can define an appropriate path here. You can also set origins to a list of the domains you want to enable CORS for, like this:

cors = CORS(app, resources={r"/api/*": {"origins": ["http://www.domain1.com", "http://www.domain2.com"]}})

Here is the link to the code I've written: https://github.com/Mozpacers/MozStar/

CORS doesn't do anything special; you just need to reply to the request with a special header which says that Access-Control-Allow-Origin contains the domain the request is coming from.

For pre-flight requests, you can see how you can reply with custom headers with Flask before_request and after_request decorators: https://github.com/CuriousLearner/TrackMyLinks/blob/master/src/server/views.py#L130

answered Feb 13 '23 07:02

Sanyam Khurana
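
The header logic the answer describes, as an added example that is not part of the original answer or of Flask-CORS: a standard-library WSGI middleware that returns Access-Control-Allow-Origin only for allowlisted origins and answers preflight requests itself. The names cors_headers, CorsAllowlist, api and request, and the "GET, POST" method list, are assumptions made for the illustration.

```python
from wsgiref.util import setup_testing_defaults

# Origins from the answer above: scheme plus host, no path, no trailing slash.
ALLOWED = frozenset({"http://www.domain1.com", "http://www.domain2.com"})

def cors_headers(origin, allowed=ALLOWED):
    """Headers for a request whose Origin header is `origin` (None if absent)."""
    headers = [("Vary", "Origin")]  # response differs per origin; caches must key on it
    if origin in allowed:  # exact match on the serialized origin
        headers.append(("Access-Control-Allow-Origin", origin))
    return headers

class CorsAllowlist:
    """WSGI middleware (hypothetical name): CORS headers for allowlisted origins only."""
    def __init__(self, app, allowed=ALLOWED, methods="GET, POST"):
        self.app, self.allowed, self.methods = app, frozenset(allowed), methods

    def __call__(self, environ, start_response):
        origin = environ.get("HTTP_ORIGIN")
        extra = cors_headers(origin, self.allowed)
        if (environ["REQUEST_METHOD"] == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # Preflight: answered here, the wrapped app never sees it.
            if origin in self.allowed:
                extra.append(("Access-Control-Allow-Methods", self.methods))
            start_response("204 No Content", extra)
            return [b""]
        def start(status, headers, exc_info=None):
            return start_response(status, list(headers) + extra, exc_info)
        return self.app(environ, start)

def api(environ, start_response):
    """Stand-in for the real API endpoint (assumption for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"data"]

def request(app, origin=None, method="GET", preflight_for=None):
    """Send one constructed request through `app`; return (status, headers dict)."""
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    if origin is not None:
        environ["HTTP_ORIGIN"] = origin
    if preflight_for:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = preflight_for
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Passing the question's single-string list ["www.domain1.com, www.domain2.com"] as the allowlist makes every comparison fail, because a browser sends the Origin header as scheme plus host, for example http://www.domain1.com.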