为 Flask-CORS 指定域
[英]Specify domains for Flask-CORS
问题描述
I have a Python script serving as web api and many domains will call this to get data they want.
我有一个 Python 脚本作为 web api 很多域会调用它来获取他们想要的数据。 So to make this workable I need to enable CORS. I read through the Flask documentation but did not find the way to specify multiples domains to allows CORS for them.因此,为了使其可行,我需要启用 CORS。我通读了 Flask 文档,但没有找到指定多个域以允许 CORS 的方法。
Here is code snippet that enables CORS:这是启用 CORS 的代码片段:
from flask_cors import cross_origin
@app.route("/")
@cross_origin()
The above snippet enables CORS for all the domains.上面的代码片段为所有域启用了 CORS。 I want to restrict this to some specific list of domains.我想将其限制为某些特定的域列表。 All I want to know how I can specify this list.我只想知道如何指定此列表。 Here is what I am trying to do:这是我正在尝试做的事情:
@cross_origin(["www.domain1.com, www.domain2.com"])
2 个解决方案
解决方案1
2 2016-07-28 18:13:22
From the documentation of CORS: http://flask-cors.corydolphin.com/en/latest/api.html?highlight=origin#flask_cors.cross_origin 从CORS的文档中: http : //flask-cors.corydolphin.com/en/latest/api.html? highlight= origin#flask_cors.cross_origin
flask_cors.cross_origin(*args, **kwargs)
The origin, or list of origins to allow requests from.
So, here you need to give list of string . 因此,在这里您需要给出string list 。 Like: 喜欢:
cross_origin(["http://www.domain1.com", "http://www.domain2.com"])
Notice here that you were giving all domain in a single string. 请注意,您在一个字符串中提供了所有域。 But you needed to provide a list. 但是您需要提供一个列表。 Also notice that you provide Fully Qualified Domain Name (FQDN) as per RFC 6454 and W3C Recommendation . 还要注意,您根据RFC 6454和W3C建议书提供了完全合格的域名(FQDN)。
You can also do something like this: 您还可以执行以下操作:
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
Here we're allowing every path in our app which starts with /api . 在这里,我们允许应用程序中以/api开头的所有路径。 Depending on your requirement, you can define appropriate path here. 根据您的要求,您可以在此处定义适当的路径。 Here you can also specify origins to a list of domains you want to enable CORS for. 您还可以在此处为要为其启用CORS的域的列表指定来源。
Here is the link to the code I've written: https://github.com/Mozpacers/MozStar/ 这是我编写的代码的链接: https : //github.com/Mozpacers/MozStar/
CORS doesn't do anything special; CORS并没有做任何特别的事情。 you just need to reply to the request with a special header which says that Access-Control-Allow-Origin contains the domain request is coming from. 您只需要用特殊的标头答复该请求,该标头说Access-Control-Allow-Origin包含域请求来自。
For pre-flight requests, you can see how you can reply with custom headers with Flask before_request and after_request decorators: https://github.com/CuriousLearner/TrackMyLinks/blob/master/src/server/views.py#L130 对于飞行前请求,您可以看到如何使用Flask before_request和after_request装饰器回复自定义标头: https : //github.com/CuriousLearner/TrackMyLinks/blob/master/src/server/views.py#L130
解决方案2
0 2023-01-11 13:28:27
wondering does it is possible to have something like the:想知道是否有可能有类似的东西:
cross_origin(["http://*.domain1.com", "http://www.*.domain2.com"])
? ?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.