README.rst 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
  1. Flask-CORS
  2. ==========
  3. |Build Status| |Latest Version| |Supported Python versions|
  4. |License|
  5. A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
  6. This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain.
  7. This means no mucking around with different allowed headers, methods, etc.
  8. By default, submission of cookies across domains is disabled due to the security implications.
  9. Please see the documentation for how to enable credential'ed requests, and please make sure you add some sort of `CSRF <http://en.wikipedia.org/wiki/Cross-site_request_forgery>`__ protection before doing so!
  10. Installation
  11. ------------
  12. Install the extension with using pip, or easy\_install.
  13. .. code:: bash
  14. $ pip install -U flask-cors
  15. Usage
  16. -----
  17. This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods.
  18. It allows parameterization of all CORS headers on a per-resource level.
  19. The package also contains a decorator, for those who prefer this approach.
  20. Simple Usage
  21. ~~~~~~~~~~~~
  22. In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes.
  23. See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
  24. .. code:: python
  25. from flask import Flask
  26. from flask_cors import CORS
  27. app = Flask(__name__)
  28. CORS(app)
  29. @app.route("/")
  30. def helloWorld():
  31. return "Hello, cross-origin-world!"
  32. Resource specific CORS
  33. ^^^^^^^^^^^^^^^^^^^^^^
  34. Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the `resources` option, mapping paths to a set of options.
  35. See the full list of options in the `documentation <https://flask-cors.corydolphin.com/en/latest/api.html#extension>`__.
  36. .. code:: python
  37. app = Flask(__name__)
  38. cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
  39. @app.route("/api/v1/users")
  40. def list_users():
  41. return "user example"
  42. Route specific CORS via decorator
  43. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  44. This extension also exposes a simple decorator to decorate flask routes with.
  45. Simply add ``@cross_origin()`` below a call to Flask's ``@app.route(..)`` to allow CORS on a given route.
  46. See the full list of options in the `decorator documentation <https://flask-cors.corydolphin.com/en/latest/api.html#decorator>`__.
  47. .. code:: python
  48. @app.route("/")
  49. @cross_origin()
  50. def helloWorld():
  51. return "Hello, cross-origin-world!"
  52. Documentation
  53. -------------
  54. For a full list of options, please see the full `documentation <https://flask-cors.corydolphin.com/en/latest/api.html>`__
  55. Troubleshooting
  56. ---------------
  57. If things aren't working as you expect, enable logging to help understand what is going on under the hood, and why.
  58. .. code:: python
  59. logging.getLogger('flask_cors').level = logging.DEBUG
  60. Tests
  61. -----
  62. A simple set of tests is included in ``test/``.
  63. To run, install nose, and simply invoke ``nosetests`` or ``python setup.py test`` to exercise the tests.
  64. If nosetests does not work for you, due to it no longer working with newer python versions.
  65. You can use pytest to run the tests instead.
  66. Contributing
  67. ------------
  68. Questions, comments or improvements?
  69. Please create an issue on `Github <https://github.com/corydolphin/flask-cors>`__, tweet at `@corydolphin <https://twitter.com/corydolphin>`__ or send me an email.
  70. I do my best to include every contribution proposed in any way that I can.
  71. Credits
  72. -------
  73. This Flask extension is based upon the `Decorator for the HTTP Access Control <https://web.archive.org/web/20190128010149/http://flask.pocoo.org/snippets/56/>`__ written by Armin Ronacher.
  74. .. |Build Status| image:: https://github.com/corydolphin/flask-cors/actions/workflows/unittests.yaml/badge.svg
  75. :target: https://travis-ci.org/corydolphin/flask-cors
  76. .. |Latest Version| image:: https://img.shields.io/pypi/v/Flask-Cors.svg
  77. :target: https://pypi.python.org/pypi/Flask-Cors/
  78. .. |Supported Python versions| image:: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
  79. :target: https://img.shields.io/pypi/pyversions/Flask-Cors.svg
  80. .. |License| image:: http://img.shields.io/:license-mit-blue.svg
  81. :target: https://pypi.python.org/pypi/Flask-Cors/