Flask CORS - 重定向上没有Access-control-allow-origin标头()
[英]Flask CORS - no Access-control-allow-origin header present on a redirect()
问题描述
I am implementing OAuth Twitter User-sign in (Flask API and Angular) 
我正在实施OAuth Twitter用户登录(Flask API和Angular)
I keep getting the following error when I click the sign in with twitter button and a pop up window opens: 当我点击使用twitter按钮登录并弹出一个弹出窗口时,我不断收到以下错误:
XMLHttpRequest cannot load https://api.twitter.com/oauth/authenticate?oauth_token=r-euFwAAAAAAgJsmAAABTp8VCiE. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I am using the python-Cors packages to handle CORS, and I already have instagram sign in working correctly. 我使用python-Cors包来处理CORS,我已经有instagram登录正常工作。 I believe it has something to do with the response being a redirect but have not been able to correct the problem. 我认为它与响应是重定向有关,但无法解决问题。
My flask code looks like this: 我的烧瓶代码如下所示:
app = Flask(__name__, static_url_path='', static_folder=client_path)
cors = CORS(app, allow_headers='Content-Type', CORS_SEND_WILDCARD=True)
app.config.from_object('config')
@app.route('/auth/twitter', methods=['POST','OPTIONS'])
@cross_origin(origins='*', send_wildcard=True)
#@crossdomain(origin='')
def twitter():
request_token_url = 'https://api.twitter.com/oauth/request_token'
access_token_url = 'https://api.twitter.com/oauth/access_token'
authenticate_url = 'https://api.twitter.com/oauth/authenticate'
# print request.headers
if request.args.get('oauth_token') and request.args.get('oauth_verifier'):
-- omitted for brevity --
else:
oauth = OAuth1(app.config['TWITTER_CONSUMER_KEY'],
client_secret=app.config['TWITTER_CONSUMER_SECRET'],
callback_uri=app.config['TWITTER_CALLBACK_URL'])
r = requests.post(request_token_url, auth=oauth)
oauth_token = dict(parse_qsl(r.text))
qs = urlencode(dict(oauth_token=oauth_token['oauth_token']))
return redirect(authenticate_url + '?' + qs)
1 个解决方案
解决方案1
9 已采纳 2015-07-18 06:14:30
The problem is not yours. 问题不在于你。 Your client-side application is sending requests to Twitter, so it isn't you that need to support CORS, it is Twitter. 您的客户端应用程序正在向Twitter发送请求,因此您不需要支持CORS,而是Twitter。 But the Twitter API does not currently support CORS, which effectively means that you cannot talk to it directly from the browser. 但Twitter API目前不支持CORS,这实际上意味着您无法直接从浏览器与它通信。
A common practice to avoid this problem is to have your client-side app send the authentication requests to a server of your own (such as this same Flask application that you have), and in turn the server connects to the Twitter API. 避免此问题的常见做法是让客户端应用程序将身份验证请求发送到您自己的服务器(例如您拥有的相同Flask应用程序),然后服务器连接到Twitter API。 Since the server side isn't bound to the CORS requirements there is no problem. 由于服务器端不受CORS要求的约束,因此没有问题。
In case you want some ideas, I have written a blog article on doing this type of authentication flow for Facebook and Twitter: http://blog.miguelgrinberg.com/post/oauth-authentication-with-flask 如果你想要一些想法,我写了一篇关于为Facebook和Twitter做这种类型的认证流程的博客文章: http : //blog.miguelgrinberg.com/post/oauth-authentication-with-flask
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.