flask-cors

https://github.com/corydolphin/flask-cors/blob/master/examples/app_based_example.py

"""
	Flask-Cors example
	===================
	This is a tiny Flask Application demonstrating Flask-Cors, making it simple
	to add cross origin support to your flask app!
	:copyright: (C) 2013 by Cory Dolphin.
	:license: MIT/X11, see LICENSE for more details.
	"""
	from flask import Flask, jsonify
	import logging
	try:
	from flask.ext.cors import CORS # The typical way to import flask-cors
	except ImportError:
	# Path hack allows examples to be run without installation.
	import os
	parentdir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
	os.sys.path.insert(0, parentdir)
	from flask.ext.cors import CORS
	app = Flask('FlaskCorsAppBasedExample')
	logging.basicConfig(level=logging.INFO)
	# To enable logging for flask-cors,
	logging.getLogger('flask_cors').level = logging.DEBUG
	# One of the simplest configurations. Exposes all resources matching /api/* to
	# CORS and allows the Content-Type header, which is necessary to POST JSON
	# cross origin.
	CORS(app, resources=r'/api/*', allow_headers='Content-Type')
	@app.route("/")
	def helloWorld():
	'''
	Since the path '/' does not match the regular expression r'/api/*',
	this route does not have CORS headers set.
	'''
	return '''
	<html>
	<h1>Hello CORS!</h1>
	<h3> End to end editable example with jquery! </h3>
	<a class="jsbin-embed" href="http://jsbin.com/zazitas/embed?js,console">JS Bin on jsbin.com</a>
	<script src="//static.jsbin.com/js/embed.min.js?3.35.12"></script>
	</html>
	'''
	@app.route("/api/v1/users/")
	def list_users():
	'''
	Since the path matches the regular expression r'/api/*', this resource
	automatically has CORS headers set. The expected result is as follows:
	$ curl --include -X GET http://127.0.0.1:5000/api/v1/users/ \
	--header Origin:www.examplesite.com
	HTTP/1.0 200 OK
	Access-Control-Allow-Headers: Content-Type
	Access-Control-Allow-Origin: *
	Content-Length: 21
	Content-Type: application/json
	Date: Sat, 09 Aug 2014 00:26:41 GMT
	Server: Werkzeug/0.9.4 Python/2.7.8
	{
	"success": true
	}
	'''
	return jsonify(user="joe")
	@app.route("/api/v1/users/create", methods=['POST'])
	def create_user():
	'''
	Since the path matches the regular expression r'/api/*', this resource
	automatically has CORS headers set.
	Browsers will first make a preflight request to verify that the resource
	allows cross-origin POSTs with a JSON Content-Type, which can be simulated
	as:
	$ curl --include -X OPTIONS http://127.0.0.1:5000/api/v1/users/create \
	--header Access-Control-Request-Method:POST \
	--header Access-Control-Request-Headers:Content-Type \
	--header Origin:www.examplesite.com
	>> HTTP/1.0 200 OK
	Content-Type: text/html; charset=utf-8
	Allow: POST, OPTIONS
	Access-Control-Allow-Origin: *
	Access-Control-Allow-Headers: Content-Type
	Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
	Content-Length: 0
	Server: Werkzeug/0.9.6 Python/2.7.9
	Date: Sat, 31 Jan 2015 22:25:22 GMT
	$ curl --include -X POST http://127.0.0.1:5000/api/v1/users/create \
	--header Content-Type:application/json \
	--header Origin:www.examplesite.com
	>> HTTP/1.0 200 OK
	Content-Type: application/json
	Content-Length: 21
	Access-Control-Allow-Origin: *
	Server: Werkzeug/0.9.6 Python/2.7.9
	Date: Sat, 31 Jan 2015 22:25:04 GMT
	{
	"success": true
	}
	'''
	return jsonify(success=True)
	if __name__ == "__main__":
	app.run(debug=True)