[英]Python Flask-cors not returning back any of the cors headers in response
I am using Flask-Cors==3.0.3
Here's the way I am setting it up for my app, where the front end is on localhost:9000
on apache while the backend is on localhost:8080
: 我正在使用Flask-Cors==3.0.3
这是我为应用设置的方式,其中前端位于apache上的localhost:9000
上,后端位于localhost:8080
:
app = Flask(_name_, template_folder="www/templates", static_folder ="www/static" )
app.config['API_UPLOAD_FOLDER'] = config.API_UPLOAD_FOLDER
app.config['SMOKE_UPLOAD_FOLDER'] = config.SMOKE_UPLOAD_FOLDER
app.config['MONGODB_SETTINGS'] = {
'db': config.MONGO_DBNAME,
'host': config.MONGO_URI
}
app.config['CORS_HEADERS'] = 'Content-Type, auth'
app.config['CORS_RESOURCES'] = {r"/apis/*":{"origins":"http://localhost:9000"}}
app.config['CORS_METHODS'] = "GET,POST,OPTIONS"
app.config['CORS_SUPPORTS_CREDENTIALS'] = True
CORS(app)
and my request is like : 我的要求是这样的:
OPTIONS /apis/register HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://localhost:9000
Connection: close
and the response is : 响应是:
HTTP/1.1 200 OK
Server: nginx/1.10.1 (Ubuntu)
Date: Tue, 02 Jan 2018 08:52:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close
Allow: POST, OPTIONS
I also tries doing it this way instead of the above and the results were still the same... no CORS headers in the response :( 我也尝试用这种方式代替上面的方法,结果仍然是相同的...响应中没有CORS标头:(
Cors = CORS(app, resources={r"/apis/*": {"origins": "localhost:9000"}}, supports_credentials=True, methods="GET, POST, OPTIONS", allow_headers="Content-type, auth")
Is there something that I am doing wrong here ? 我在这里做错什么了吗? Was trying more things here as changing this : 正在尝试通过更改此内容进行更多操作:
app.config['CORS_HEADERS'] = 'Content-Type, auth'
app.config['CORS_RESOURCES'] = {r"/apis/*":{"origins":"http://localhost:9000"}}
app.config['CORS_METHODS'] = "GET,POST,OPTIONS"
app.config['CORS_SUPPORTS_CREDENTIALS'] = True
to this: 对此:
app.config['CORS_HEADERS'] = ['Content-Type, auth']
app.config['CORS_RESOURCES'] = {r"/apis/*":{"origins":"http://localhost:9000"}}
app.config['CORS_METHODS'] = ["GET,POST,OPTIONS"]
app.config['CORS_SUPPORTS_CREDENTIALS'] = True
but the same results :( 但结果相同:(
What did seem to work though was using decorator instead of global app level settings like this: 似乎有效的方法是使用装饰器而不是像这样的全局应用程序级别设置:
@cross_origin(supports_credentials=True, methods=["GET, POST, OPTIONS"], headers=["content-type, auth"])
There's a comment in the source-code for flask-cors: 在flask-cors的源代码中有一条注释:
"If wildcard is in the origins, even if 'send_wildcard' is False, simply send the wildcard. Unless supports_credentials is True, since that is forbidded by the spec.." “如果起源中有通配符,即使'send_wildcard'为False,也只需发送通配符。除非support_credentials为True,否则该规范禁止这样做。”
They refer to the spec here: http://www.w3.org/TR/cors/#resource-requests which explicitly states "Note: The string "*" cannot be used for a resource that supports credentials." 它们参考此处的规范: http : //www.w3.org/TR/cors/#resource-requests ,其中明确指出“注意:字符串“ *”不能用于支持凭据的资源。“
So, the solution would seem to be to not use a wildcard origin. 因此,解决方案似乎是不使用通配符起源。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.