In this post I will show you how to enable CORS (Cross Origin Resource sharing) so that you can make HTTP requests from a different domain than the one you use for your Flask application written in Python.
We will just add a kind of middleware to modify all the responses and add the headers that allow CORS in Flask.
Enable Cross Origin Resource Sharing in Flask
Just add the following code, with the @app.after_request
annotation to indicate that we are modifying the response after the request:
"""
Enable CORS. Disable it if you don't need CORS
https://parzibyte.me/blog
"""
@app.after_request
def after_request(response):
response.headers["Access-Control-Allow-Origin"] = "*" # <- You can change "*" for a domain for example "http://localhost"
response.headers["Access-Control-Allow-Credentials"] = "true"
response.headers["Access-Control-Allow-Methods"] = "POST, GET, OPTIONS, PUT, DELETE"
response.headers["Access-Control-Allow-Headers"] = "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization"
return response
The Access-Control-Allow-Origin indicates the domain from which the requests will be allowed. Credentials is useful in case you use sessions or cookies. Access-Control-Allow-Methods indicates which HTTP methods are valid for CORS.
Finally Access-Control-Allow-Headers indicates which headers will be accepted for CORS.
Remember that you are free to modify any value to adapt it to your needs.