A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
Questions, comments or improvements? Please create an issue on GitHub, tweet at @wcdolphin or send me an email.
Install the extension using pip or easy_install.

.. code-block:: bash

    $ pip install -U flask-cors

This extension enables CORS support either via a decorator, or a Flask extension. There are three examples shown in the examples directory, showing the major use cases.
In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS on all routes.

.. code-block:: python

    from flask import Flask
    from flask_cors import CORS

    app = Flask(__name__)
    cors = CORS(app)

    @app.route("/")
    def helloWorld():
        return "Hello, cross-origin-world!"

Alternatively, a list of resources and associated settings for CORS can be supplied to selectively enable CORS support on a set of paths in your app.

Note: this ``resources`` parameter can also be set in your application's config.

.. code-block:: python

    from flask import Flask
    from flask_cors import CORS

    app = Flask(__name__)
    # Only paths matching /api/* get CORS headers; "*" allows any origin.
    cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

    @app.route("/api/v1/users")
    def list_users():
        return "user example"

This extension also exposes a simple decorator to decorate Flask routes with. Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` incantation to accept the default options and allow CORS on a given route.

.. code-block:: python

    from flask import Flask
    from flask_cors import cross_origin

    app = Flask(__name__)

    @app.route("/")
    @cross_origin()  # allow all origins, all methods
    def helloWorld():
        return "Hello, cross-origin-world!"

When sending JSON cross-origin, browsers will issue a pre-flight OPTIONS request for POST requests. For browsers to allow POST requests with a JSON content type, you must allow the Content-Type header. The simplest way to do this is to set the ``CORS_HEADERS`` configuration value on your application, e.g.:

.. code-block:: python

    app.config['CORS_HEADERS'] = 'Content-Type'

Flask-Cors uses standard Python logging, using the module name 'Flask-Cors'. You can read more about logging in Flask's documentation. To add logging for flask_cors to the standard StreamHandler:

.. code-block:: python

    import logging

    # Attach a stream handler to both the app logger and the Flask-Cors logger.
    for logger in (app.logger, logging.getLogger('Flask-Cors')):
        sh = logging.StreamHandler()
        sh.setFormatter(
            logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
        )
        logger.addHandler(sh)
        logger.setLevel(logging.DEBUG)

.. autoclass:: flask_cors.CORS
.. autofunction:: flask_cors.cross_origin
This is the suggested approach to enabling CORS. The default configuration will work well for most use cases.

.. literalinclude:: ../examples/app_based_example.py
   :language: python

Alternatively, using the decorator on a per-view basis enables CORS for only a particular view.

.. literalinclude:: ../examples/view_based_example.py
   :language: python