Not getting Access-Control-Allow-Headers and Access-Control-Max-Age with flask-cors
The code is as follows:
from flask import Flask, Response, request
import json
from flask_cors import CORS
from waitress import serve

app = Flask(__name__)
CORS(app, resources={r"/app/*": {"origins": "http://localhost:3000",
                                 "allow_headers": ["Origin", "Authorization", "X-Frame-Options", "X-Requested-With", "DNT", "User-Agent", "If-Modified-Since", "Cache-Control", "Range", "X-Real-IP", "HOST", "X-NginX-Proxy", "Content-Type", "If-Match"],
                                 "expose_headers": ["ETag", "Content-Length", "Content-Range", "Access-Control-Allow-Origin"],
                                 "max_age": "3600"}})


@app.route('/app/compute', methods=['GET', 'POST', 'PUT'])
def compute():
    input = request.json
    responsedict = dict()
    responsedict['customerid'] = 'customer A'
    responsedict['loan_amount'] = 0
    return Response(json.dumps(responsedict), status=200, mimetype="application/json")


serve(app, port=5000, host="0.0.0.0")
requirements.txt is as follows:
Flask==2.0.2
Flask-Cors==3.0.10
waitress==2.1.1
I am not getting the following headers in response to the OPTIONS request: Access-Control-Allow-Headers and Access-Control-Max-Age
Any guidance would be much appreciated.
According to the extension's code:
# This is a preflight request
# http://www.w3.org/TR/cors/#resource-preflight-requests
if request_method == 'OPTIONS':
    acl_request_method = request_headers.get(ACL_REQUEST_METHOD, '').upper()

    # If there is no Access-Control-Request-Method header or if parsing
    # failed, do not set any additional headers
    if acl_request_method and acl_request_method in options.get('methods'):

        # If method is not a case-sensitive match for any of the values in
        # list of methods do not set any additional headers and terminate
        # this set of steps.
        headers[ACL_ALLOW_HEADERS] = get_allow_headers(options, request_headers.get(ACL_REQUEST_HEADERS))
        headers[ACL_MAX_AGE] = options.get('max_age')
        headers[ACL_METHODS] = options.get('methods')
    else:
        LOG.info("The request's Access-Control-Request-Method header does not match allowed methods. CORS headers will not be applied.")
So you need to send an OPTIONS request that has the Access-Control-Request-Method header. To get the Access-Control-Allow-Headers header in the response, you need to include Access-Control-Request-Headers in the request.
This request works:
curl -vvv 'http://localhost:8000/app/compute2' -X OPTIONS -H "Access-Control-Request-Method: POST"
Sample response:
[ilias@yellowhat ~] > curl -vvv 'http://localhost:8000/app/compute' -X OPTIONS -H "Access-Control-Request-Method: post"
* Trying 127.0.0.1:8000...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> OPTIONS /app/compute HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.79.1
> Accept: */*
> Access-Control-Request-Method: post
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Werkzeug/2.1.1 Python/3.10.4
< Date: Tue, 19 Apr 2022 14:18:33 GMT
< Content-Type: text/html; charset=utf-8
< Allow: POST, GET, HEAD, PUT, OPTIONS
< Access-Control-Allow-Origin: http://localhost:3000
< Access-Control-Expose-Headers: Access-Control-Allow-Origin, Content-Length, Content-Range, ETag
< Access-Control-Max-Age: 4444
< Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
[ilias@yellowhat ~] >
The same for the second header:
curl -vvv 'http://localhost:8000/app/compute' -X OPTIONS -H "Access-Control-Request-Method: get" -H 'Access-Control-Request-Headers: If-Modified-Since,Cache-Control'
Response:
[ilias@yellowhat flask_cors] > curl -vvv 'http://localhost:8000/app/compute' -X OPTIONS -H "Access-Control-Request-Method: get" -H 'Access-Control-Request-Headers: If-Modified-Since,Cache-Control'
* Trying 127.0.0.1:8000...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> OPTIONS /app/compute HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.79.1
> Accept: */*
> Access-Control-Request-Method: get
> Access-Control-Request-Headers: If-Modified-Since,Cache-Control
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Werkzeug/2.1.1 Python/3.10.4
< Date: Tue, 19 Apr 2022 14:35:26 GMT
< Content-Type: text/html; charset=utf-8
< Allow: GET, POST, PUT, HEAD, OPTIONS
< Access-Control-Allow-Origin: http://localhost:3000
< Access-Control-Expose-Headers: Access-Control-Allow-Origin, Content-Length, Content-Range, ETag
< Access-Control-Allow-Headers: Cache-Control, If-Modified-Since
< Access-Control-Max-Age: 4444
< Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
< Content-Length: 0
<
* Connection #0 to host localhost left intact
[ilias@yellowhat flask_cors] >
These requests will not work:
curl -vvv 'http://localhost:8000/app/compute' -X OPTIONS -H "Access-Control-Request-Method: somethinghere"
curl -vvv 'http://localhost:8000/app/compute' -X OPTIONS
curl -vvv 'http://localhost:8000/app/compute' -H "Access-Control-Request-Method: POST"
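The preflight decision described in the answer above, as an added stand-alone example that is not part of the original post and is not flask-cors code. It is a simplified model: the function names, the trimmed allow list, and the case-insensitive, sorted header matching (inferred from the sample response above) are assumptions.

```python
# Added example: simplified model of the preflight branch quoted in the answer.
# Not flask-cors code; names and the header-matching rule are assumptions.
OPTIONS = {  # constructed, mirroring the question's CORS(...) resource settings
    "methods": ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"],
    "allow_headers": ["Authorization", "Content-Type", "If-Modified-Since", "Cache-Control"],
    "max_age": "3600",
}


def allowed_request_headers(options, requested):
    """Return the requested headers that are on the allow list, or None."""
    if not requested:
        return None
    allow = {h.lower() for h in options["allow_headers"]}
    wanted = [h.strip() for h in requested.split(",")]
    matched = sorted(h for h in wanted if h.lower() in allow)
    return ", ".join(matched) or None


def preflight_headers(http_method, request_headers, options=OPTIONS):
    """Model which preflight-only CORS headers the quoted branch would add."""
    headers = {}
    if http_method != "OPTIONS":
        return headers  # not a preflight: the branch is never entered
    acrm = request_headers.get("Access-Control-Request-Method", "").upper()
    if not acrm or acrm not in options["methods"]:
        return headers  # missing or disallowed method: nothing extra is set
    allow = allowed_request_headers(
        options, request_headers.get("Access-Control-Request-Headers"))
    if allow:
        headers["Access-Control-Allow-Headers"] = allow
    headers["Access-Control-Max-Age"] = options["max_age"]
    headers["Access-Control-Allow-Methods"] = ", ".join(options["methods"])
    return headers


if __name__ == "__main__":
    # The five curl requests from the answer, as (method, headers) pairs.
    cases = [
        ("OPTIONS", {"Access-Control-Request-Method": "post"}),
        ("OPTIONS", {"Access-Control-Request-Method": "get",
                     "Access-Control-Request-Headers": "If-Modified-Since,Cache-Control"}),
        ("OPTIONS", {"Access-Control-Request-Method": "somethinghere"}),
        ("OPTIONS", {}),
        ("GET", {"Access-Control-Request-Method": "POST"}),
    ]
    for method, hdrs in cases:
        print(method, hdrs, "->", preflight_headers(method, hdrs))
```

A requested header that is not on the allow list is dropped from Access-Control-Allow-Headers rather than rejected outright, so the browser, not the server, blocks the follow-up request.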