flask-cors
https://github.com/corydolphin/flask-cors/blob/master/examples/app_based_example.py
| """ | |
| Flask-Cors example | |
| =================== | |
| This is a tiny Flask Application demonstrating Flask-Cors, making it simple | |
| to add cross origin support to your flask app! | |
| :copyright: (C) 2013 by Cory Dolphin. | |
| :license: MIT/X11, see LICENSE for more details. | |
| """ | |
| from flask import Flask, jsonify | |
| import logging | |
| try: | |
| from flask.ext.cors import CORS # The typical way to import flask-cors | |
| except ImportError: | |
| # Path hack allows examples to be run without installation. | |
| import os | |
| parentdir = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) | |
| os.sys.path.insert(0, parentdir) | |
| from flask.ext.cors import CORS | |
| app = Flask('FlaskCorsAppBasedExample') | |
| logging.basicConfig(level=logging.INFO) | |
| # To enable logging for flask-cors, | |
| logging.getLogger('flask_cors').level = logging.DEBUG | |
| # One of the simplest configurations. Exposes all resources matching /api/* to | |
| # CORS and allows the Content-Type header, which is necessary to POST JSON | |
| # cross origin. | |
| CORS(app, resources=r'/api/*', allow_headers='Content-Type') | |
| @app.route("/") | |
| def helloWorld(): | |
| ''' | |
| Since the path '/' does not match the regular expression r'/api/*', | |
| this route does not have CORS headers set. | |
| ''' | |
| return ''' | |
| <html> | |
| <h1>Hello CORS!</h1> | |
| <h3> End to end editable example with jquery! </h3> | |
| <a class="jsbin-embed" href="http://jsbin.com/zazitas/embed?js,console">JS Bin on jsbin.com</a> | |
| <script src="//static.jsbin.com/js/embed.min.js?3.35.12"></script> | |
| </html> | |
| ''' | |
| @app.route("/api/v1/users/") | |
| def list_users(): | |
| ''' | |
| Since the path matches the regular expression r'/api/*', this resource | |
| automatically has CORS headers set. The expected result is as follows: | |
| $ curl --include -X GET http://127.0.0.1:5000/api/v1/users/ \ | |
| --header Origin:www.examplesite.com | |
| HTTP/1.0 200 OK | |
| Access-Control-Allow-Headers: Content-Type | |
| Access-Control-Allow-Origin: * | |
| Content-Length: 21 | |
| Content-Type: application/json | |
| Date: Sat, 09 Aug 2014 00:26:41 GMT | |
| Server: Werkzeug/0.9.4 Python/2.7.8 | |
| { | |
| "success": true | |
| } | |
| ''' | |
| return jsonify(user="joe") | |
| @app.route("/api/v1/users/create", methods=['POST']) | |
| def create_user(): | |
| ''' | |
| Since the path matches the regular expression r'/api/*', this resource | |
| automatically has CORS headers set. | |
| Browsers will first make a preflight request to verify that the resource | |
| allows cross-origin POSTs with a JSON Content-Type, which can be simulated | |
| as: | |
| $ curl --include -X OPTIONS http://127.0.0.1:5000/api/v1/users/create \ | |
| --header Access-Control-Request-Method:POST \ | |
| --header Access-Control-Request-Headers:Content-Type \ | |
| --header Origin:www.examplesite.com | |
| >> HTTP/1.0 200 OK | |
| Content-Type: text/html; charset=utf-8 | |
| Allow: POST, OPTIONS | |
| Access-Control-Allow-Origin: * | |
| Access-Control-Allow-Headers: Content-Type | |
| Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT | |
| Content-Length: 0 | |
| Server: Werkzeug/0.9.6 Python/2.7.9 | |
| Date: Sat, 31 Jan 2015 22:25:22 GMT | |
| $ curl --include -X POST http://127.0.0.1:5000/api/v1/users/create \ | |
| --header Content-Type:application/json \ | |
| --header Origin:www.examplesite.com | |
| >> HTTP/1.0 200 OK | |
| Content-Type: application/json | |
| Content-Length: 21 | |
| Access-Control-Allow-Origin: * | |
| Server: Werkzeug/0.9.6 Python/2.7.9 | |
| Date: Sat, 31 Jan 2015 22:25:04 GMT | |
| { | |
| "success": true | |
| } | |
| ''' | |
| return jsonify(success=True) | |
| if __name__ == "__main__": | |
| app.run(debug=True) |
What Doesn't Kill Me Makes Me Stronger
