A Flask extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible.
This package has a simple philosophy: when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc.
By default, submission of cookies across domains is disabled due to the security implications. Please see the documentation for how to enable credentialed requests, and please make sure you add some sort ofCSRFprotection before doing so!
Install the extension with using pip, or easy_install.
This package exposes a Flask extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.
In the simplest case, initialize the Flask-Cors extension with default arguments in order to allow CORS for all domains on all routes. See the full list of options in thedocumentation.
Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as theresourcesoption, mapping paths to a set of options. See the full list of options in thedocumentation.
This extension also exposes a simple decorator to decorate flask routes with. Simply addcross_origin()below a call to Flasksapp.route(..)to allow CORS on a given route. See the full list of options in thedecorator documentation.
For a full list of options, please see the fulldocumentation
If things arent working as you expect, enable logging to help understand what is going on under the hood, and why.
A simple set of tests is included intest/. To run, install nose, and simply invokenosetestsorpythonsetup.pytestto exercise the tests.
Questions, comments or improvements? Please create an issue onGithub, tweet atcorydolphinor send me an email. I do my best to include every contribution proposed in any way that I can.
This Flask extension is based upon theDecorator for the HTTP Access Controlwritten by Armin Ronacher.