Python | Flask 解决跨域问题

系列文章目录



前言

我靠,又跨域了

使用步骤

1. 引入库

pip install flask-cors

2. 配置

flask-cors 有两种用法,一种为全局使用,一种对指定的路由使用

1. 使用 CORS函数 配置全局路由

from flask import Flask, request
from flask_cors import CORS app = Flask(__name__)
CORS(app, supports_credentials=True)

其中 CORS 提供了一些参数帮助我们定制一下操作。

常用的我们可以配置 originsmethodsallow_headerssupports_credentials

所有的配置项如下:


:param resources:
The series of regular expression and (optionally) associated CORS
options to be applied to the given resource path. If the argument is a dictionary, it's keys must be regular expressions,
and the values must be a dictionary of kwargs, identical to the kwargs
of this function. If the argument is a list, it is expected to be a list of regular
expressions, for which the app-wide configured options are applied. If the argument is a string, it is expected to be a regular expression
for which the app-wide configured options are applied. Default : Match all and apply app-level configuration :type resources: dict, iterable or string :param origins:
The origin, or list of origins to allow requests from.
The origin(s) may be regular expressions, case-sensitive strings,
or else an asterisk Default : '*'
:type origins: list, string or regex :param methods:
The method or list of methods which the allowed origins are allowed to
access for non-simple requests. Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
:type methods: list or string :param expose_headers:
The header or list which are safe to expose to the API of a CORS API
specification. Default : None
:type expose_headers: list or string :param allow_headers:
The header or list of header field names which can be used when this
resource is accessed by allowed origins. The header(s) may be regular
expressions, case-sensitive strings, or else an asterisk. Default : '*', allow all headers
:type allow_headers: list, string or regex :param supports_credentials:
Allows users to make authenticated requests. If true, injects the
`Access-Control-Allow-Credentials` header in responses. This allows
cookies and credentials to be submitted across domains. :note: This option cannot be used in conjuction with a '*' origin Default : False
:type supports_credentials: bool :param max_age:
The maximum time for which this CORS request maybe cached. This value
is set as the `Access-Control-Max-Age` header. Default : None
:type max_age: timedelta, integer, string or None :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
`Access-Control-Allow-Origin` header is sent, rather than the
request's `Origin` header. Default : False
:type send_wildcard: bool :param vary_header:
If True, the header Vary: Origin will be returned as per the W3
implementation guidelines. Setting this header when the `Access-Control-Allow-Origin` is
dynamically generated (e.g. when there is more than one allowed
origin, and an Origin than '*' is returned) informs CDNs and other
caches that the CORS headers are dynamic, and cannot be cached. If False, the Vary header will never be injected or altered. Default : True
:type vary_header: bool

2. 使用 @cross_origin 来配置单行路由

from flask import Flask, request
from flask_cors import cross_origin app = Flask(__name__) @app.route('/')
@cross_origin(supports_credentials=True)
def hello():
name = request.args.get("name", "World")
return f'Hello, {name}!'

其中 cross_originCORS 提供一些基本相同的参数。

常用的我们可以配置 originsmethodsallow_headerssupports_credentials

所有的配置项如下:

:param origins:
The origin, or list of origins to allow requests from.
The origin(s) may be regular expressions, case-sensitive strings,
or else an asterisk Default : '*'
:type origins: list, string or regex :param methods:
The method or list of methods which the allowed origins are allowed to
access for non-simple requests. Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
:type methods: list or string :param expose_headers:
The header or list which are safe to expose to the API of a CORS API
specification. Default : None
:type expose_headers: list or string :param allow_headers:
The header or list of header field names which can be used when this
resource is accessed by allowed origins. The header(s) may be regular
expressions, case-sensitive strings, or else an asterisk. Default : '*', allow all headers
:type allow_headers: list, string or regex :param supports_credentials:
Allows users to make authenticated requests. If true, injects the
`Access-Control-Allow-Credentials` header in responses. This allows
cookies and credentials to be submitted across domains. :note: This option cannot be used in conjuction with a '*' origin Default : False
:type supports_credentials: bool :param max_age:
The maximum time for which this CORS request maybe cached. This value
is set as the `Access-Control-Max-Age` header. Default : None
:type max_age: timedelta, integer, string or None :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
`Access-Control-Allow-Origin` header is sent, rather than the
request's `Origin` header. Default : False
:type send_wildcard: bool :param vary_header:
If True, the header Vary: Origin will be returned as per the W3
implementation guidelines. Setting this header when the `Access-Control-Allow-Origin` is
dynamically generated (e.g. when there is more than one allowed
origin, and an Origin than '*' is returned) informs CDNs and other
caches that the CORS headers are dynamic, and cannot be cached. If False, the Vary header will never be injected or altered. Default : True
:type vary_header: bool :param automatic_options:
Only applies to the `cross_origin` decorator. If True, Flask-CORS will
override Flask's default OPTIONS handling to return CORS headers for
OPTIONS requests. Default : True
:type automatic_options: bool

配置参数说明

参数 类型 Head 默认 说明
resources 字典、迭代器或字符串 全部 配置允许跨域的路由接口
origins 列表、字符串或正则表达式 Access-Control-Allow-Origin * 配置允许跨域访问的源
methods 列表、字符串 Access-Control-Allow-Methods [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE] 配置跨域支持的请求方式
expose_headers 列表、字符串 Access-Control-Expose-Headers None 自定义请求响应的Head信息
allow_headers 列表、字符串或正则表达式 Access-Control-Request-Headers * 配置允许跨域的请求头
supports_credentials 布尔值 Access-Control-Allow-Credentials False 是否允许请求发送cookie
max_age timedelta、整数、字符串 Access-Control-Max-Age None 预检请求的有效时长

总结

在 flask 的跨域配置中,我们可以使用 flask-cors 来进行配置,其中 CORS 函数 用来做全局的配置, @cross_origin 来实现特定路由的配置

参考

Python | Flask 解决跨域问题的更多相关文章

  1. Flask解决跨域

    Flask解决跨域 问题:网页上(client)有一个ajax请求,Flask sever是直接返回 jsonify. 然后ajax就报错:No 'Access-Control-Allow-Origi ...

  2. Python django解决跨域请求的问题

    解决方案 1.安装django-cors-headers pip3 install django-cors-headers 2.配置settings.py文件 INSTALLED_APPS = [ . ...

  3. Flask允许跨域

    什么是跨域 在 HTML 中,<a>, <form>, <img>, <script>, <iframe>, <link> 等标 ...

  4. Python之Flask和Django框架解决跨域问题,配合附加ajax和fetch等js代码

    Flask框架py解决跨域问题示例: # -*- coding: utf- -*- # by zhenghai.zhang from flask import Flask, render_templa ...

  5. 使用nginx解决跨域问题(flask为例)

    背景 我们单位的架构是在api和js之间架构一个中间层(python编写),以实现后端渲染,登录状态判定,跨域转发api等功能.但是这样一个中间会使前端工程师的工作量乘上两倍,原本js可以直接ajax ...

  6. element-ui + vue + node.js 与 服务器 Python 应用的跨域问题

    跨越问题解决的两种办法: 1. 在 config => index.js 中配置 proxyTable 代理: proxyTable: { '/charts': { target: 'http: ...

  7. 前端通过Nginx反向代理解决跨域问题

    在前面写的一篇文章SpringMVC 跨域,我们探讨了什么是跨域问题以及SpringMVC怎么解决跨域问题,解决方式主要有如下三种方式: JSONP CORS WebSocket 可是这几种方式都是基 ...

  8. 前后端分离djangorestframework——解决跨域请求

    跨域 什么是跨域 比如一个链接:http://www.baidu.com(端口默认是80端口), 如果再来一个链接是这样:http://api.baidu.com,这个就算是跨域了(因为域名不同) 再 ...

  9. 在django中解决跨域AJAX

    由于浏览器存在同源策略机制,同源策略阻止从一个源加载的文档或脚本获取另一个源加载的文档的属性. 特别的:由于同源策略是浏览器的限制,所以请求的发送和响应是可以进行,只不过浏览器不接收罢了. 浏览器同源 ...

  10. 【Nginx】使用Nginx如何解决跨域问题?看完这篇原来很简单!!

    写在前面 当今互联网行业,大部分Web项目基本都是采用的前后端分离模式.前端为H5项目,后端为Java.PHP.Python等项目.而且大部分后端服务并不会只部署一套服务,而是会采用Nginx对后端服 ...

随机推荐

  1. C# - 将HTML网页、HTML字符串转换为PDF

    将HTML转换为PDF可实现格式保留.可靠打印.文档归档等多种用途,满足不同领域和情境下的需求.本文将通过以下两个示例,演示如何使用第三方库Spire.PDF for .NET和QT插件在C# 中将H ...

  2. 遥感图像处理笔记之【Сrор field boundary detection: approaches and main challenges】

    遥感图像处理学习(6) 前言 遥感系列第6篇.遥感图像处理方向的学习者可以参考或者复刻 本文初编辑于2023年12月16日 2024年1月24日搬运至本人博客园平台 文章标题:Сrор field b ...

  3. 5、后端学习规划:.Net学习 - 学习规划系列文章

    .Net是微软发布的一整套的软件编程解决方案.笔者从大学的时代开始就阅读.netframework的书籍了,但是当时没有进行实践.毕业后,笔者去了微软技术中心的公司上班,所以就接触了.net以及C#编 ...

  4. php获取服务器操作系统等信息

    php获取服务器操作系统等信息 获取请求页面时通信协议的名称和版本: $_SERVER['SERVER_PROTOCOL'] 例如,"HTTP/1.0". PHP程式版本:< ...

  5. 如何使用ASP.NET Core 中的 Hangfire 实现作业调度

    https://procodeguide.com/programming/hangfire-in-aspnet-core-schedule-jobs/ 如何使用ASP.NET Core 中的 Hang ...

  6. react中的setState是同步还是异步?react为什么要将其设计成异步?

    壹 ❀ 引 了解react的同学都知道,react遵守渲染公式UI=Render(state),状态决定了组件UI最终渲染的样子(props也可以理解为外部传入的状态),由此可见state对于reac ...

  7. Sentinel 源码学习

    引入依赖 <dependency> <groupId>com.alibaba.csp</groupId> <artifactId>sentinel-co ...

  8. Swoole从入门到入土(25)——多进程[进程间无锁计数器]

    Atomic 是 Swoole 底层提供的原子计数操作类,可以方便整数的无锁原子增减.原子计数器有如下特点: - 使用共享内存,可以在不同的进程之间操作计数 - 基于 gcc/clang 提供的 CP ...

  9. golang常用库包:http和API客户端请求库-go-resty

    简介 golang 里的 http 标准库,发起 http 请求时,写法比较繁琐.所以智慧又"偷懒的"程序员们,发挥自己的创造力,写出了一些好用的第三方库,这里介绍其中的一个 ht ...

  10. go经典知识及总结

    1.无论sync.Mutex还是其衍生品都会提示不能复制,但是能够编译运行 加锁后复制变量,会将锁的状态也复制,所以 mu1 其实是已经加锁状态,再加锁会死锁. 所以此题的答案是 fatal erro ...