Python Flask solves cross-domain problems

coldplay.xixi
Release: 2020-10-14 17:39:01
forward
3110 people have browsed it

python video tutorial column introduces Python Flask to solve cross-domain problems.

Python Flask solves cross-domain problems

Directory of series of articles

Table of Contents

  • Directory of series of articles
  • Preface
  • Usage steps
    • 1. Import the library
    • 2. Configuration
      • 1. Use the CORS function to configure global routing
      • 2. Use @cross_origin to configure single-line routing
    • Configuration parameter description
  • ##Summary
  • Reference

Preface

Holy crap, it’s cross-domain again

Usage steps

1. Import the library

pip install flask-cors复制代码
Copy after login

2. Configuration

flask-cors has two usages, one is for global use, and the other is for specified routing

1. Use the

CORS function Configure global routing
from flask import Flask, requestfrom flask_cors import CORS

app = Flask(__name__)
CORS(app, supports_credentials=True)复制代码
Copy after login

CORS provides some parameters to help us customize the operation.

We can configure commonly used

origins, methods, allow_headers, supports_credentials

All configuration items are as follows:

:param resources:
    The series of regular expression and (optionally) associated CORS
    options to be applied to the given resource path.

    If the argument is a dictionary, it's keys must be regular expressions,
    and the values must be a dictionary of kwargs, identical to the kwargs
    of this function.

    If the argument is a list, it is expected to be a list of regular
    expressions, for which the app-wide configured options are applied.

    If the argument is a string, it is expected to be a regular expression
    for which the app-wide configured options are applied.

    Default : Match all and apply app-level configuration

:type resources: dict, iterable or string

:param origins:
    The origin, or list of origins to allow requests from.
    The origin(s) may be regular expressions, case-sensitive strings,
    or else an asterisk

    Default : '*'
:type origins: list, string or regex

:param methods:
    The method or list of methods which the allowed origins are allowed to
    access for non-simple requests.

    Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
:type methods: list or string

:param expose_headers:
    The header or list which are safe to expose to the API of a CORS API
    specification.

    Default : None
:type expose_headers: list or string

:param allow_headers:
    The header or list of header field names which can be used when this
    resource is accessed by allowed origins. The header(s) may be regular
    expressions, case-sensitive strings, or else an asterisk.

    Default : '*', allow all headers
:type allow_headers: list, string or regex

:param supports_credentials:
    Allows users to make authenticated requests. If true, injects the
    `Access-Control-Allow-Credentials` header in responses. This allows
    cookies and credentials to be submitted across domains.

    :note: This option cannot be used in conjuction with a '*' origin

    Default : False
:type supports_credentials: bool

:param max_age:
    The maximum time for which this CORS request maybe cached. This value
    is set as the `Access-Control-Max-Age` header.

    Default : None
:type max_age: timedelta, integer, string or None

:param send_wildcard: If True, and the origins parameter is `*`, a wildcard
    `Access-Control-Allow-Origin` header is sent, rather than the
    request's `Origin` header.

    Default : False
:type send_wildcard: bool

:param vary_header:
    If True, the header Vary: Origin will be returned as per the W3
    implementation guidelines.

    Setting this header when the `Access-Control-Allow-Origin` is
    dynamically generated (e.g. when there is more than one allowed
    origin, and an Origin than '*' is returned) informs CDNs and other
    caches that the CORS headers are dynamic, and cannot be cached.

    If False, the Vary header will never be injected or altered.

    Default : True
:type vary_header: bool复制代码
Copy after login

2. Use

@cross_origin to configure single-line routing
from flask import Flask, requestfrom flask_cors import cross_origin

app = Flask(__name__)@app.route('/')@cross_origin(supports_credentials=True)def hello():
    name = request.args.get("name", "World")    return f'Hello, {name}!'复制代码
Copy after login

where

cross_origin and CORS provides some essentially the same parameters.

We can configure commonly used

origins, methods, allow_headers, supports_credentials

All configuration items are as follows:

:param origins:
    The origin, or list of origins to allow requests from.
    The origin(s) may be regular expressions, case-sensitive strings,
    or else an asterisk

    Default : '*'
:type origins: list, string or regex

:param methods:
    The method or list of methods which the allowed origins are allowed to
    access for non-simple requests.

    Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
:type methods: list or string

:param expose_headers:
    The header or list which are safe to expose to the API of a CORS API
    specification.

    Default : None
:type expose_headers: list or string

:param allow_headers:
    The header or list of header field names which can be used when this
    resource is accessed by allowed origins. The header(s) may be regular
    expressions, case-sensitive strings, or else an asterisk.

    Default : '*', allow all headers
:type allow_headers: list, string or regex

:param supports_credentials:
    Allows users to make authenticated requests. If true, injects the
    `Access-Control-Allow-Credentials` header in responses. This allows
    cookies and credentials to be submitted across domains.

    :note: This option cannot be used in conjuction with a '*' origin

    Default : False
:type supports_credentials: bool

:param max_age:
    The maximum time for which this CORS request maybe cached. This value
    is set as the `Access-Control-Max-Age` header.

    Default : None
:type max_age: timedelta, integer, string or None

:param send_wildcard: If True, and the origins parameter is `*`, a wildcard
    `Access-Control-Allow-Origin` header is sent, rather than the
    request's `Origin` header.

    Default : False
:type send_wildcard: bool

:param vary_header:
    If True, the header Vary: Origin will be returned as per the W3
    implementation guidelines.

    Setting this header when the `Access-Control-Allow-Origin` is
    dynamically generated (e.g. when there is more than one allowed
    origin, and an Origin than '*' is returned) informs CDNs and other
    caches that the CORS headers are dynamic, and cannot be cached.

    If False, the Vary header will never be injected or altered.

    Default : True
:type vary_header: bool

:param automatic_options:
    Only applies to the `cross_origin` decorator. If True, Flask-CORS will
    override Flask's default OPTIONS handling to return CORS headers for
    OPTIONS requests.

    Default : True
:type automatic_options: bool复制代码
Copy after login
Configuration parameter description

##Parameterresourcesoriginsmethodsexpose_headersallow_headers##supports_credentialsBoolean valueAccess-Control- Allow-CredentialsFalseWhether to allow requests to send cookiestimedelta, integer, string In the cross-domain configuration of flask, we can use flask-cors
Type Head Default Description
Dictionary, iterator or string None All Configure routing interfaces that allow cross-domain routing
List, string or regular expression Access-Control-Allow-Origin * Configure origins that allow cross-domain access
List, string Access-Control-Allow-Methods [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE] Configure cross-domain support Request method
List, string Access-Control-Expose-Headers None Customize request response Head information
List, string or regular expression Access-Control-Request-Headers * Configure cross-domain request headers
##max_age
Access-Control-Max-Age None Valid duration of preflight request ##Summary
for configuration, where

CORS function

is used for global configuration, and

@cross_origin is used to implement Configuration of specific routes. More related free learning recommendations:

python video tutorial

The above is the detailed content of Python Flask solves cross-domain problems. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:juejin.im
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template