CORS Headers not added with uncaught exception about flask-cors HOT 14 CLOSED

@robertfw totally true.

The way to work around this is to explicitly specify an error handler, and wrap the handler with @cross_origin().

I should add this to the list of gotchas.

@cross_origin()
@app.errorhandler(500)
def ise_handler():
    return 'foobar' 

from flask-cors.

@robertfw I have made a change which rectifies this issue. Are you willing to help me test it out?

Please install from the feature branch directly and let me know how it works for you!

pip install -U git+ssh://[email protected]/wcdolphin/flask-cors.git@feat/error-handling

from flask-cors.

Sure thing. Will let you know what I find.

from flask-cors.

Sorry for the delay. Appears to work fine so long as the app is not in debug mode, if debug=True the problem remains.

from flask-cors.

Sadly there doesn't seem to be a simple way toweap the responses in debug
mode.
I'll take another peek tonight to see if I missed anything.

Hopefully it would still be useful even if it doesn't work in debug. I
expect most CORS issues come up in production, anyways?

On Monday, September 22, 2014, Robert Warner [email protected]
wrote:

Sorry for the delay. Appears to work fine so long as the app is not in
debug mode.

—
Reply to this email directly or view it on GitHub
#67 (comment).

Sent from my mobile, please excuse spelling and brevity

from flask-cors.

I had a look as well and I think you are right. I am also seeing the same behaviour in debug mode using wsgicors.

from flask-cors.

I'd never seem wsgicors, I'll have to take a look. Could be cool to share
code potentially.

It would be great if everything could share a code base and implement only
a few specific methods to access options, request headers, etc.

On Tuesday, September 23, 2014, Robert Warner [email protected]
wrote:

I had a look as well and I think you are right. I am also seeing the same
behaviour in debug mode using wsgicors.

—
Reply to this email directly or view it on GitHub
#67 (comment).

Sent from my mobile, please excuse spelling and brevity

from flask-cors.

Released 1.10.0 which addresses this issue for non-development mode configuration.

If I get some time in the future, I might find a hack around the short-coming for development mode. There is likely a way to handle it with some jerryrigging.

Thanks for the report and your help testing, very much appreciated!

Happy holidays,
Cory

from flask-cors.

I'm seeing the same behaviour that the OP of this question originally was (no Access-Control-Origin header if my route throws an exception) on version 2.1.0 of flask-cors. Has there been a regression? Should this issue be reopened?

from flask-cors.

Hi @ExplodingCabbage,

Thanks for writing in!

Is Flask.DEBUG == True? Currently, we cannot easily catch and intercept the error handler when an uncaught exception is thrown in development mode, since Flask's exception handling catches it further up-the-stack to show you an informational error page.

Cheers,
Cory.

from flask-cors.

No, we're seeing this behaviour whether or not debug mode is on. I'll have a play around after work tonight and confirm if I can trivially reproduce this with a fresh flask app; if not, I'll rip apart the one I'm using at work to figure out what's special about it and see if I can construct a small reproducible example.

from flask-cors.

Cause found: we were explicitly setting

app.config['PROPAGATE_EXCEPTIONS'] = True

which seems to stop flask-cors from working. I assume this is known and nontrivial to fix.

from flask-cors.

So, if I'm understanding right after sniffing around in the code a little, the issue is that with PROPAGATE_EXCEPTIONS set to True, exceptions don't get handled by Flask at all (and no Flask response object gets returned) but instead propagate up into the Werkzeug layer which handles them by creating its own responses without touching any more Flask code?

Hmm. Perhaps we need a werkzeug-cors module.

from flask-cors.

Yep! I believe you are correct. I have never written a werkzeug middleware, but one of the goals of the architecture of flask-ocrs is that it should be possible to simply call out toe the methods in flask_cors.core and pass the request method, headers and CORS options. If you have a chance to look at this, I would be honored to hear back about it.

E.G you would be able to pass the arguments to https://github.com/corydolphin/flask-cors/blob/master/flask_cors/core.py#L155. Let me know :-)

from flask-cors.