Python | Flask 解决跨域问题

系列文章目录

前言

我靠,又跨域了

使用步骤

1. 引入库

pip install flask-cors

2. 配置

flask-cors 有两种用法,一种为全局使用,一种对指定的路由使用

1. 使用 CORS函数 配置全局路由

from flask import Flask, request

from flask_cors import CORS

app = Flask(__name__)

CORS(app, supports_credentials=True)

其中 CORS 提供了一些参数帮助我们定制一下操作。

常用的我们可以配置 originsmethodsallow_headerssupports_credentials

所有的配置项如下:



:param resources:

    The series of regular expression and (optionally) associated CORS

    options to be applied to the given resource path.

    If the argument is a dictionary, it's keys must be regular expressions,

    and the values must be a dictionary of kwargs, identical to the kwargs

    of this function.

    If the argument is a list, it is expected to be a list of regular

    expressions, for which the app-wide configured options are applied.

    If the argument is a string, it is expected to be a regular expression

    for which the app-wide configured options are applied.

    Default : Match all and apply app-level configuration

:type resources: dict, iterable or string

:param origins:

    The origin, or list of origins to allow requests from.

    The origin(s) may be regular expressions, case-sensitive strings,

    or else an asterisk

    Default : '*'

:type origins: list, string or regex

:param methods:

    The method or list of methods which the allowed origins are allowed to

    access for non-simple requests.

    Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

:type methods: list or string

:param expose_headers:

    The header or list which are safe to expose to the API of a CORS API

    specification.

    Default : None

:type expose_headers: list or string

:param allow_headers:

    The header or list of header field names which can be used when this

    resource is accessed by allowed origins. The header(s) may be regular

    expressions, case-sensitive strings, or else an asterisk.

    Default : '*', allow all headers

:type allow_headers: list, string or regex

:param supports_credentials:

    Allows users to make authenticated requests. If true, injects the

    `Access-Control-Allow-Credentials` header in responses. This allows

    cookies and credentials to be submitted across domains.

    :note: This option cannot be used in conjuction with a '*' origin

    Default : False

:type supports_credentials: bool

:param max_age:

    The maximum time for which this CORS request maybe cached. This value

    is set as the `Access-Control-Max-Age` header.

    Default : None

:type max_age: timedelta, integer, string or None

:param send_wildcard: If True, and the origins parameter is `*`, a wildcard

    `Access-Control-Allow-Origin` header is sent, rather than the

    request's `Origin` header.

    Default : False

:type send_wildcard: bool

:param vary_header:

    If True, the header Vary: Origin will be returned as per the W3

    implementation guidelines.

    Setting this header when the `Access-Control-Allow-Origin` is

    dynamically generated (e.g. when there is more than one allowed

    origin, and an Origin than '*' is returned) informs CDNs and other

    caches that the CORS headers are dynamic, and cannot be cached.

    If False, the Vary header will never be injected or altered.

    Default : True

:type vary_header: bool

2. 使用 @cross_origin 来配置单行路由

from flask import Flask, request

from flask_cors import cross_origin

app = Flask(__name__)

@app.route('/')

@cross_origin(supports_credentials=True)

def hello():

    name = request.args.get("name", "World")

    return f'Hello, {name}!'

其中 cross_originCORS 提供一些基本相同的参数。

常用的我们可以配置 originsmethodsallow_headerssupports_credentials

所有的配置项如下:

:param origins:

    The origin, or list of origins to allow requests from.

    The origin(s) may be regular expressions, case-sensitive strings,

    or else an asterisk

    Default : '*'

:type origins: list, string or regex

:param methods:

    The method or list of methods which the allowed origins are allowed to

    access for non-simple requests.

    Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]

:type methods: list or string

:param expose_headers:

    The header or list which are safe to expose to the API of a CORS API

    specification.

    Default : None

:type expose_headers: list or string

:param allow_headers:

    The header or list of header field names which can be used when this

    resource is accessed by allowed origins. The header(s) may be regular

    expressions, case-sensitive strings, or else an asterisk.

    Default : '*', allow all headers

:type allow_headers: list, string or regex

:param supports_credentials:

    Allows users to make authenticated requests. If true, injects the

    `Access-Control-Allow-Credentials` header in responses. This allows

    cookies and credentials to be submitted across domains.

    :note: This option cannot be used in conjuction with a '*' origin

    Default : False

:type supports_credentials: bool

:param max_age:

    The maximum time for which this CORS request maybe cached. This value

    is set as the `Access-Control-Max-Age` header.

    Default : None

:type max_age: timedelta, integer, string or None

:param send_wildcard: If True, and the origins parameter is `*`, a wildcard

    `Access-Control-Allow-Origin` header is sent, rather than the

    request's `Origin` header.

    Default : False

:type send_wildcard: bool

:param vary_header:

    If True, the header Vary: Origin will be returned as per the W3

    implementation guidelines.

    Setting this header when the `Access-Control-Allow-Origin` is

    dynamically generated (e.g. when there is more than one allowed

    origin, and an Origin than '*' is returned) informs CDNs and other

    caches that the CORS headers are dynamic, and cannot be cached.

    If False, the Vary header will never be injected or altered.

    Default : True

:type vary_header: bool

:param automatic_options:

    Only applies to the `cross_origin` decorator. If True, Flask-CORS will

    override Flask's default OPTIONS handling to return CORS headers for

    OPTIONS requests.

    Default : True

:type automatic_options: bool

配置参数说明

参数 类型 Head 默认 说明
resources 字典、迭代器或字符串 全部 配置允许跨域的路由接口
origins 列表、字符串或正则表达式 Access-Control-Allow-Origin * 配置允许跨域访问的源
methods 列表、字符串 Access-Control-Allow-Methods [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE] 配置跨域支持的请求方式
expose_headers 列表、字符串 Access-Control-Expose-Headers None 自定义请求响应的Head信息
allow_headers 列表、字符串或正则表达式 Access-Control-Request-Headers * 配置允许跨域的请求头
supports_credentials 布尔值 Access-Control-Allow-Credentials False 是否允许请求发送cookie
max_age timedelta、整数、字符串 Access-Control-Max-Age None 预检请求的有效时长

总结

在 flask 的跨域配置中,我们可以使用 flask-cors 来进行配置,其中 CORS 函数 用来做全局的配置, @cross_origin 来实现特定路由的配置

参考

Python | Flask 解决跨域问题的更多相关文章

  1. Flask解决跨域

    Flask解决跨域 问题:网页上(client)有一个ajax请求,Flask sever是直接返回 jsonify. 然后ajax就报错:No 'Access-Control-Allow-Origi ...

  2. Python django解决跨域请求的问题

    解决方案 1.安装django-cors-headers pip3 install django-cors-headers 2.配置settings.py文件 INSTALLED_APPS = [ . ...

  3. Flask允许跨域

    什么是跨域 在 HTML 中,<a>, <form>, <img>, <script>, <iframe>, <link> 等标 ...

  4. Python之Flask和Django框架解决跨域问题,配合附加ajax和fetch等js代码

    Flask框架py解决跨域问题示例: # -*- coding: utf- -*- # by zhenghai.zhang from flask import Flask, render_templa ...

  5. 使用nginx解决跨域问题(flask为例)

    背景 我们单位的架构是在api和js之间架构一个中间层(python编写),以实现后端渲染,登录状态判定,跨域转发api等功能.但是这样一个中间会使前端工程师的工作量乘上两倍,原本js可以直接ajax ...

  6. element-ui + vue + node.js 与 服务器 Python 应用的跨域问题

    跨越问题解决的两种办法: 1. 在 config => index.js 中配置 proxyTable 代理: proxyTable: { '/charts': { target: 'http: ...

  7. 前端通过Nginx反向代理解决跨域问题

    在前面写的一篇文章SpringMVC 跨域,我们探讨了什么是跨域问题以及SpringMVC怎么解决跨域问题,解决方式主要有如下三种方式: JSONP CORS WebSocket 可是这几种方式都是基 ...

  8. 前后端分离djangorestframework——解决跨域请求

    跨域 什么是跨域 比如一个链接:http://www.baidu.com(端口默认是80端口), 如果再来一个链接是这样:http://api.baidu.com,这个就算是跨域了(因为域名不同) 再 ...

  9. 在django中解决跨域AJAX

    由于浏览器存在同源策略机制,同源策略阻止从一个源加载的文档或脚本获取另一个源加载的文档的属性. 特别的:由于同源策略是浏览器的限制,所以请求的发送和响应是可以进行,只不过浏览器不接收罢了. 浏览器同源 ...

  10. 【Nginx】使用Nginx如何解决跨域问题?看完这篇原来很简单!!

    写在前面 当今互联网行业,大部分Web项目基本都是采用的前后端分离模式.前端为H5项目,后端为Java.PHP.Python等项目.而且大部分后端服务并不会只部署一套服务,而是会采用Nginx对后端服 ...

随机推荐

  1. SpringCloud-02-Nacos注册中心

    Nacos注册中心 1.认识Nacos Nacos是阿里巴巴的产品,现在是SpringCloud中的一个组件.相比Eureka功能更加丰富,在国内受欢迎程度较高. 2.安装Nacos 1 1.下载安装 ...

  2. SVC服务的发布

    目录 服务的发布 发布的方式 1.NodePort 方法一:创建的时候直接指定类型 方法二:在线修改(将其他类型改为NodePort) 2.LoadBalance 3.Ingress(推荐/重点) 服 ...

  3. 《SagDRE: Sequence-Aware Graph-Based Document-Level Relation Extraction with Adaptive Margin Loss》论文阅读笔记

    代码 原文地址 关键参考文献: Document-Level Relation Extraction with Adaptive Thresholding and Localized Context ...

  4. NC16679 [NOIP2003]神经网络

    题目链接 题目 题目描述 人工神经网络(Artificial Neural Network)是一种新兴的具有自我学习能力的计算系统,在模式识别.函数逼近及贷款风险评估等诸多领域有广泛的应用.对神经网络 ...

  5. python常用的搜索字符内容函数详解:re.findall/findfiter

    区别findall返回listfinditer返回一个MatchObject类型的iterator详细举例介绍1.findall在字符串中找到正则表达式所匹配的所有子串,并返回一个列表,如果没有找到匹 ...

  6. 在linux 平台上源码编译安装MySQL 8.0

    从根源上掌握MySQL安装,以此类推,在linux 平台上通过源码安装其他c/c++软件都是大同小异​.​ 1. 安装方式 linux 的安装包分为RPM 包.二进制包和源码包. 不同的安装方式各有优 ...

  7. 【Unity3D】协同程序

    1 简介 ​ 1)协程概念 ​ 协同程序(Coroutine)简称协程,是伴随主线程一起运行的程序片段,是一个能够暂停执行的函数,用于解决程序并行问题.协程是 C# 中的概念,由于 Unity3D 的 ...

  8. IDEA从o开始的一系列操作及修改配置-快捷键汇总

    IDEA从o开始的一系列操作及修改配置-快捷键汇总 下载IDEA 启动idea 安装svn插件 功能快捷键 先设置提示快捷键(纯属个人喜好) 入门快捷键 查找 编辑 小功能 自动代码提示 自动导包 T ...

  9. CF1398C Good Subarrays(写给我们萌新团体)

    Good Subarrays 传送门: Good Subarrays - 洛谷 | 计算机科学教育新生态 (luogu.com.cn) 思路 暴力!!!!! 一如既往的暴力!!! 复杂度O(n^2) ...

  10. SpringBoot整合aspectj实现面向切面编程(即AOP)

    前言 "面向切面编程",这样的名字并不是非常容易理解,且容易产生一些误导.但在实际业务中,AOP有着广泛的用途,比如日志记录,性能统计,安全控制,事务处理,异常处理等等. 举些栗子 ...