Comments (7)
crookedstorm
commented on July 17, 2024
Note: I am using version 2.1.2. I've been reading other bug reports and don't see anything quite like this, so I'm baffled as to what is happening. Especially that weird 'file://' value.
from flask-cors.
crookedstorm
commented on July 17, 2024
Further information: I'm importing like this.
from flask import Blueprint, g
from marshmallow import ValidationError
from ..errors import bad_request, not_found
from flask.ext.cors import CORS
import logging
from ..decorators import rate_limit
api = Blueprint('api', __name__)
CORS(api)
logging.getLogger('flask_cors').level = logging.DEBUG
@api.errorhandler(ValidationError)
def validation_error(e):
return bad_request(e.args[0])
@api.errorhandler(400)
def bad_request_error(e):
return bad_request('invalid request')
@api.errorhandler(404)
def not_found_error(e):
return not_found('item not found')
@api.after_request
def after_request(response):
if hasattr(g, 'headers'):
response.headers.extend(g.headers)
return response
from . import endpoints, moreendpointsfrom flask-cors.
corydolphin
commented on July 17, 2024
Thanks so much for the detailed report. I really appreciate it!
Can you show me an example CURL request and response? Please ensure the Origin header is set.
Also, if you are able to increase logging verbosity to show debug messages that would be very helpful in debugging what Flask-CORS is doing in this case. There is an example of how to do this here: https://github.com/corydolphin/flask-cors/blob/master/examples/app_based_example.py#L24
Thanks again for the detailed report!
from flask-cors.
crookedstorm
commented on July 17, 2024
Sorry for not getting back. I'll try that, ensuring the Origin is set soon.
from flask-cors.
crookedstorm
commented on July 17, 2024
So! I got this on a first run without modification:
INFO:api.cors:The request's Access-Control-Request-Method header does not match allowed methods. CORS headers will not be applied.
Then it applied this header:
Access-Control-Allow-Origin โfile://
from flask-cors.
corydolphin
commented on July 17, 2024
Thanks for posting back and working with me Brooke! Really appreciate it.
Can you post the curl you made along with as much logging context around
that message as possible?
On Tue, Mar 29, 2016 at 1:08 PM Brooke Storm [email protected]
wrote:
So! I got this on a first run without modification:
INFO:api.cors:The request's Access-Control-Request-Method header does not
match allowed methods. CORS headers will not be applied.
Then it applied this header:
Access-Control-Allow-Origin โfile://โ
You are receiving this because you commented.Reply to this email directly or view it on GitHub
#146 (comment)
from flask-cors.
corydolphin
commented on July 17, 2024
Hey @crookedstorm I'm going to close this issue for now, let me know if you have more information to help me debug this.
from flask-cors.
Related Issues (20)
- enforcing same origin policy with flask-cors HOT 14
- Next.JS API Call to Flask API POST Endpoint - `Access-Control-Allow-Credentials` is not set properly
- Package prints unexpected DEBUG messages when app runs HOT 2
- Unknown keyword arguments silently ignored HOT 2
- Want to know the next version update time. HOT 1
- Project is dead? HOT 2
- CORS partially fails when making requests with axios in React HOT 3
- Access to fetch at 'http://127.0.0.1:5000/account/summary' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. HOT 2
- v4.0.0 isn't in CHANGELOG.md HOT 1
- two releases 4.0.0 and v4.0.0 HOT 2
- All private network requests unintentionally allowed
- Random Access-Control-Allow-Origin value being returned if Origin request header is not provided HOT 1
- The `4.0.0` release is incorrectly marked as supporting Python 2
- Who to contact for security issues HOT 2
- appropriate citation for the module? HOT 3
- python 3.12 HOT 2
- CORS issue
- Read the Docs is configured to build from a non-existent branch HOT 2
- CVE-2024-1681 response/patching HOT 2
- Security Issue CVE-2024-1681 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-cors.