发表新帖
发表新帖

Flask RESTful cross-domain issue with Angular: PUT, OPTIONS methods

前端 未结
关注
9 1108
臣服心动
臣服心动 2020-12-12 17:14

I\'ve developed a small write-only REST api with Flask Restful that accepts PUT request from a handful of clients that can potentially have changing IP addresses. My clients

相关标签:
9条回答
  • 无人及你
    2020-12-12 18:00

    With the Flask-CORS module, you can do cross-domain requests without changing your code.

    from flask.ext.cors import CORS

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
    • https://pypi.python.org/pypi/Flask-Cors
    • https://github.com/corydolphin/flask-cors

    Update

    As Eric suggested, the flask.ext.cors module is now deprecated, you should rather use the following code:

    from flask_cors import CORS

app = Flask(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
    0 讨论(0)
  • 天涯浪人
    2020-12-12 18:02

    You can use the after_request hook:

    @app.after_request
def after_request(response):
    response.headers.add('Access-Control-Allow-Origin', '*')
    response.headers.add('Access-Control-Allow-Headers', 'Content-Type,Authorization')
    response.headers.add('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE')
    return response
    0 讨论(0)
  • 爱一瞬间的悲伤
    2020-12-12 18:02

    I resolved the issue by rewriting my Flask backend to answer with an Access-Control-Allow-Origin header in my PUT response. Furthermore, I created an OPTIONS handler in my Flask app to answer the options method by following what I read in the http RFC.

    The return on the PUT method looks like this:

    return restful.request.form, 201, {'Access-Control-Allow-Origin': '*'}

    My OPTIONS method handler looks like this:

    def options (self):
    return {'Allow' : 'PUT' }, 200, \
    { 'Access-Control-Allow-Origin': '*', \
      'Access-Control-Allow-Methods' : 'PUT,GET' }

    @tbicr is right: Flask DOES answer the OPTIONS method automatically for you. However, in my case it wasn't transmitting the Access-Control-Allow-Origin header with that answer, so my browser was getting a reply from the api that seemed to imply that cross-domain requests were not permitted. I overloaded the options request in my case and added the ACAO header, and the browser seemed to be satisfied with that, and followed up OPTIONS with a PUT that also worked.

    0 讨论(0)
 看不清?
提交回复
热议问题