Sharing resources across multiple sites
I have the following site containing css / js / images / etc:
global.mysite.com
__init__.py
site has the following:
from flask import Flask
from flask.ext.cors import CORS
app = Flask('web')
CORS(app)
I can download resources from another site (we'll call it siteA) with no problem. Until I try to use the 2nd site (siteB) on the same machine, I get the following error:
The font from the source ' http://global.mysite.com ' is blocked from loading by the Cross-Origin Resource Sharing Policy: The header "Access-Control-Allow-Origin" has the value ' http://siteA.mysite.com ' which does not match the origin provided. Origin ' http://siteB.mysite.com ' is therefore not allowed.
Is there something I need to tweak in the CORS
site aspect , or perhaps a parameter in __init__.py
that I need to add in order to allow multiple sites?
It can also look like a caching problem. If so, any thoughts to resolve this?
If you need more information, please do not hesitate to comment.
source to share
I've never used the CORS extension, but it looks strange since you need to run your application with it. Can't use another extension like Flask-SocketIO
This decorator works on any route and requires no additional extension.
from datetime import timedelta
from flask import make_response, request, current_app
from functools import update_wrapper
def crossdomain(origin=None, methods=None, headers=None,
max_age=21600, attach_to_all=True,
automatic_options=True):
if methods is not None:
methods = ', '.join(sorted(x.upper() for x in methods))
if headers is not None and not isinstance(headers, basestring):
headers = ', '.join(x.upper() for x in headers)
if not isinstance(origin, basestring):
origin = ', '.join(origin)
if isinstance(max_age, timedelta):
max_age = max_age.total_seconds()
def get_methods():
if methods is not None:
return methods
options_resp = current_app.make_default_options_response()
return options_resp.headers['allow']
def decorator(f):
def wrapped_function(*args, **kwargs):
if automatic_options and request.method == 'OPTIONS':
resp = current_app.make_default_options_response()
else:
resp = make_response(f(*args, **kwargs))
if not attach_to_all and request.method != 'OPTIONS':
return resp
h = resp.headers
h['Access-Control-Allow-Origin'] = origin
h['Access-Control-Allow-Methods'] = get_methods()
h['Access-Control-Max-Age'] = str(max_age)
if headers is not None:
h['Access-Control-Allow-Headers'] = headers
return resp
f.provide_automatic_options = False
return update_wrapper(wrapped_function, f)
return decorator
And use it
@app.route('/my_service')
@crossdomain(origin='*')
def my_service():
return jsonify(foo='cross domain ftw')
source to share