Comments (7)
@tonymobster I'm working on workaround for preflight requests, haven't committed yet.
Here is the working piece of code that is fixing the problem.
You should replace route
method in flask_restplus_patched/namespace.py
(in the bottom):
@staticmethod
def preflight_options_handler(func):
def decorator(*args, **kwargs):
if (
'Access-Control-Request-Headers' in flask.request.headers
and
'Access-Control-Request-Method' in flask.request.headers
):
# TODO add response headers to return available methods
return flask.Response(status=HTTPStatus.OK)
func(*args, **kwargs)
return decorator
def route(self, *args, **kwargs):
base_wrapper = super(Namespace, self).route(*args, **kwargs)
def wrapper(cls):
if 'OPTIONS' in cls.methods:
cls.options = self.preflight_options_handler(
self.response(code=HTTPStatus.NO_CONTENT)(cls.options)
)
return base_wrapper(cls)
return wrapper
Please, fill free to ping me if you need anything else :)
from flask-restplus-server-example.
Where do I set additional CORS headers, e.g. Access-Control-Allow-Origin?
There are three options:
- Set them on the reverse proxy (e.g. Nginx): https://github.com/frol/flask-restplus-server-example/blob/master/deploy/stack1/revproxy/conf.d/default.conf#L10
- Set them on individual endpoints using
@flask_restplus.cors.crossdomain
decorator: https://github.com/noirbizarre/flask-restplus/blob/master/tests/test_cors.py (tests are the best examples ;)) - Extend the
@Namespace.route
implementation (there is already a custom Namespace implementation inapp/extensions/api/namespace.py
specifically to serve such use-cases) adding the headers automatically to all your endpoints.
And can you clarify # TODO add response headers to return available methods?
@khorolets's current implementation always returns HTTP/200 OK, but it will be just nicer to also return Allow
header with only implemented methods (it is not hard, but we just need to bootstrap another project before we can change our focus back to the API server)
from flask-restplus-server-example.
@khorolets Please, take a look at this (notice the "permissions check" part). This should be a part of Flask-RESTplus, so I suggest you "patch" Resource (inherit and switch all direct uses) with def options
method. Meanwhile, I will try to come up with new tasks special for you.
from flask-restplus-server-example.
I would like the default implementation of OPTIONS would be quite basic (though it will be still challenging to implement it), the response will need to check if current user can access the endpoint with certain method types, so the possible response might be:
-
Not authenticated user (POST is used for sign up):
OPTIONS /users/ 204 OK Allow: POST
-
Authenticated user:
OPTIONS /users/ 204 OK Allow: GET, POST
-
Imagine that only admins can delete users, and here is the output for admin as a current user:
OPTIONS /users/ 204 OK Allow: GET, POST, DELETE
from flask-restplus-server-example.
How do I disable authentication for the OPTIONS requests? Currently it needs the authorization header to be set but for preflight requests the browser doesn't set the request header, i.e.
`Accept:/
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:GET
Connection:keep-alive
DNT:1
Host:localhost:5000
Origin:http://localhost:3000
Referer:http://localhost:3000/start
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36`
from flask-restplus-server-example.
I'll try that later and feedback. 2 quick question. Where do I set additional CORS headers, e.g. Access-Control-Allow-Origin? And can you clarify # TODO add response headers to return available methods
?
Thanks @khorolets
from flask-restplus-server-example.
@tonymobster The code I had shared has been refactored a little bit, please have a look at pull request
/cc @frol
from flask-restplus-server-example.
Related Issues (20)
- auth failed with access_token from Client Credentials Grant HOT 3
- Werkzeug version is incompatible HOT 2
- [QUESTION] How can i work with SQLALCHEMY_BINDS? HOT 2
- How Can I Disable OAuth2 Module? HOT 2
- How to display Chinese in API Response? HOT 2
- How can add my model in API for this flame? HOT 1
- How to implement filter query request for the framework? HOT 4
- How can use Mysql DB Instead Sqlite? HOT 2
- How to run the application as a service? HOT 1
- How can to custom json response for this project? HOT 3
- [QUESTION] Best place to implement implement expanding of returned objects/schema's HOT 2
- why the project backend run failed on linux(centos7) ? HOT 4
- How can I upload or update a file field? HOT 1
- [Question] Oauth: How to use other Oauth system? HOT 2
- How can you use schemas in this project with celery HOT 4
- [Question] Best practice for nested data in POST HOT 6
- File upload works as documented, but SPA's also can upload file's via JSON in body HOT 1
- Porting to Flask-RESTX? HOT 1
- Question: what is suggested way to add endpoints to respond web pages ? HOT 2
- ModuleNotFoundError: No module named 'config' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-restplus-server-example.