I want to allow only localhost as access-control-allow-origin in my Flask app. I tried searching for this issue at other places with no solution. My code is very simple and straightforward as follows :
from flask import Flask
from routes.routes import *
from flask_cors import CORS
app = Flask(__name__)
CORS(app, resources={r"/*": {"origins": "http://localhost:3000"}})
app.wsgi_app = PrefixMiddleware(app.wsgi_app, prefix='/drax')
app.add_url_rule('/template/<actionId>/<actionName>', None, templateActions, methods=['GET'])
The above should ONLY allow any request from localhost:3000 and not from anywhere else, like localhost:8080. But even when I make the request from port 8080 (another web app), it allows the request.
Looks like you need to specify a valid http origin in your request as under:
CORS(
app,
supports_credentials=True,
resources={
r"/*": {
"origins": [
"http://localhost:3000",
""http://localhost"
"http://127.0.0.1:3000",
"http://127.0.0.1,
]
}
},
)
I do not think http://local is a valid origin
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.