I have an API running, using Flask, Flask-SQLAlchemy, and Flask-Restless, and am trying to make POST/PUT/DELETE requests from javascript (backbone.js, to be precise). However, I keep running into CORS errors - everything except GET returns an HTTP OPTIONS 501 Not Implemented Error in the browser.
Initially, I tried adding the least restrictive CORS headers possible to all responses:
@app.after_request
def after(response):
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('Access-Control-Allow-Methods',
'POST, GET, PUT, PATCH, DELETE, OPTIONS')
response.headers.add('Access-Control-Allow-Headers',
'Content-Type, X-Requested-With')
response.headers.add('Access-Control-Max-Age', '1728000')
return response
CORS seemed to fail when the request's Content-Type header was set to application/json (as required by the API), so a quick hack was made to get things working:
@app.before_request
def before():
request.environ['CONTENT_TYPE'] = 'application/json'
However, everything except POST still fails. Also, gevent's logging is turned on, but no OPTIONS requests are ever logged (which I believe is the CORS preflight stuff), even when the browser shows them failing with a 501.
Do I need to change something in gevent or Flask to get CORS working?
Edit: Running the API using the built-in Flask server works, so gevent is the problem here, but I can't seem to find much in the way of docs...
I have an API running, using Flask, Flask-SQLAlchemy, and Flask-Restless, and am trying to make POST/PUT/DELETE requests from javascript (backbone.js, to be precise). However, I keep running into CORS errors - everything except GET returns an HTTP OPTIONS 501 Not Implemented Error in the browser.
Initially, I tried adding the least restrictive CORS headers possible to all responses:
@app.after_request
def after(response):
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('Access-Control-Allow-Methods',
'POST, GET, PUT, PATCH, DELETE, OPTIONS')
response.headers.add('Access-Control-Allow-Headers',
'Content-Type, X-Requested-With')
response.headers.add('Access-Control-Max-Age', '1728000')
return response
CORS seemed to fail when the request's Content-Type header was set to application/json (as required by the API), so a quick hack was made to get things working:
@app.before_request
def before():
request.environ['CONTENT_TYPE'] = 'application/json'
However, everything except POST still fails. Also, gevent's logging is turned on, but no OPTIONS requests are ever logged (which I believe is the CORS preflight stuff), even when the browser shows them failing with a 501.
Do I need to change something in gevent or Flask to get CORS working?
Edit: Running the API using the built-in Flask server works, so gevent is the problem here, but I can't seem to find much in the way of docs...
Share Improve this question edited Dec 1, 2012 at 1:41 John Brodie asked Dec 1, 2012 at 0:56 John BrodieJohn Brodie 6,0271 gold badge20 silver badges29 bronze badges2 Answers
Reset to default 7There is a flask snippet Decorator for the HTTP Access Control, you can use @crossdomain(origin='*') decorator.
Simplest way is to use flask-cors plugin
Install using pip
pip install -U flask-cors
Sample Code
app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
@app.route("/api/v1/users")
def list_users():
return "user example"
For documentationh head over here flask-cors documentation.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744117653a4559249.html
评论列表(0条)