Sharing resources across multiple sites

I have the following site containing css / js / images / etc: global.mysite.com

The __init__.py of the site has the following:

from flask import Flask
from flask_cors import CORS  # flask.ext.* imports were removed in Flask 1.0

app = Flask('web')
CORS(app)

      

I can download resources from another site (we'll call it siteA) with no problem, until I try to use the 2nd site (siteB) on the same machine; then I get the following error:

The font from the source 'http://global.mysite.com' is blocked from loading by the Cross-Origin Resource Sharing Policy: The header "Access-Control-Allow-Origin" has the value 'http://siteA.mysite.com' which does not match the origin provided. Origin 'http://siteB.mysite.com' is therefore not allowed.

Is there something I need to tweak in the CORS aspect of the site, or perhaps a parameter in __init__.py that I need to add in order to allow multiple sites?

It can also look like a caching problem. If so, any thoughts to resolve this?

If you need more information, please do not hesitate to comment.

+3




2 answers


I've never used the CORS extension, but it looks strange since you need to run your application with it. You can't use another extension like Flask-SocketIO.

This decorator works on any route and requires no additional extension.

from datetime import timedelta
from flask import make_response, request, current_app
from functools import update_wrapper


def crossdomain(origin=None, methods=None, headers=None,
                max_age=21600, attach_to_all=True,
                automatic_options=True):
    if methods is not None:
        methods = ', '.join(sorted(x.upper() for x in methods))
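    # Python 3: str replaces Python 2's basestring
    if headers is not None and not isinstance(headers, str):
        headers = ', '.join(x.upper() for x in headers)
    # Browsers accept only a single origin (or '*') in
    # Access-Control-Allow-Origin, so pass one origin string here
    if not isinstance(origin, str):
        origin = ', '.join(origin)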
    if isinstance(max_age, timedelta):
        max_age = max_age.total_seconds()

    def get_methods():
        if methods is not None:
            return methods

        options_resp = current_app.make_default_options_response()
        return options_resp.headers['allow']

    def decorator(f):
        def wrapped_function(*args, **kwargs):
            if automatic_options and request.method == 'OPTIONS':
                resp = current_app.make_default_options_response()
            else:
                resp = make_response(f(*args, **kwargs))
            if not attach_to_all and request.method != 'OPTIONS':
                return resp

            h = resp.headers

            h['Access-Control-Allow-Origin'] = origin
            h['Access-Control-Allow-Methods'] = get_methods()
            h['Access-Control-Max-Age'] = str(max_age)
            if headers is not None:
                h['Access-Control-Allow-Headers'] = headers
            return resp

        f.provide_automatic_options = False
        return update_wrapper(wrapped_function, f)
    return decorator

      



And use it

from flask import jsonify

@app.route('/my_service')
@crossdomain(origin='*')
def my_service():
    return jsonify(foo='cross domain ftw')

      

+1




You need to specify the source when you instantiate the CORS class.

cors = CORS(app, resources={r"/fonts/*": {"origins": "*"}})

      



In this example, I've put in a wildcard, which can be overkill in most cases and not very "secret". So feel free to adapt with your own domain ;-)

Learn more about CORS specific resources

0
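
Access-Control-Allow-Origin carries a single origin or a wildcard, so serving both siteA and siteB without the wildcard means choosing the value per request and telling caches that the response depends on Origin. As an added example (not code from this thread or from Flask-CORS), this standard-library WSGI middleware echoes the request's origin only when it is on an allowlist and always sends Vary: Origin; the names ALLOWED_ORIGINS, cors_headers and AllowlistCORS are assumptions, and the origins are the site names from the question.

```python
# Added example, not code from the thread or from Flask-CORS.
# ALLOWED_ORIGINS uses the site names from the question; adjust to your own.
ALLOWED_ORIGINS = frozenset({
    "http://siteA.mysite.com",
    "http://siteB.mysite.com",
})


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Headers for one response: echo the caller's origin only if allowlisted."""
    # Vary: Origin goes on every response so a browser or proxy cache
    # never replays siteA's Access-Control-Allow-Origin to siteB.
    headers = {"Vary": "Origin"}
    if request_origin in allowed:
        headers["Access-Control-Allow-Origin"] = request_origin
    return headers


class AllowlistCORS:
    """WSGI middleware. With Flask: app.wsgi_app = AllowlistCORS(app.wsgi_app)."""

    def __init__(self, wsgi_app, allowed=ALLOWED_ORIGINS):
        self.wsgi_app = wsgi_app
        self.allowed = allowed

    def __call__(self, environ, start_response):
        extra = cors_headers(environ.get("HTTP_ORIGIN"), self.allowed)

        def patched_start(status, headers, exc_info=None):
            out, vary = [], []
            for name, value in headers:
                lname = name.lower()
                if lname == "access-control-allow-origin":
                    continue  # drop any value set further down the stack
                if lname == "vary":
                    # keep existing Vary tokens so they can be merged below
                    vary += [v.strip() for v in value.split(",") if v.strip()]
                    continue
                out.append((name, value))
            if not any(v.lower() == "origin" for v in vary):
                vary.append("Origin")
            out.append(("Vary", ", ".join(vary)))
            if "Access-Control-Allow-Origin" in extra:
                out.append(("Access-Control-Allow-Origin",
                            extra["Access-Control-Allow-Origin"]))
            return start_response(status, out, exc_info)

        return self.wsgi_app(environ, patched_start)
```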

