Comments (14)
@robertfw totally true.
The way to work around this is to explicitly specify an error handler, and wrap the handler with @cross_origin().
I should add this to the list of gotchas.
@cross_origin()
@app.errorhandler(500)
def ise_handler():
return 'foobar'
from flask-cors.
@robertfw I have made a change which rectifies this issue. Are you willing to help me test it out?
Please install from the feature branch directly and let me know how it works for you!
pip install -U git+ssh://[email protected]/wcdolphin/flask-cors.git@feat/error-handling
from flask-cors.
Sure thing. Will let you know what I find.
from flask-cors.
Sorry for the delay. Appears to work fine so long as the app is not in debug mode, if debug=True the problem remains.
from flask-cors.
Sadly there doesn't seem to be a simple way toweap the responses in debug
mode.
I'll take another peek tonight to see if I missed anything.
Hopefully it would still be useful even if it doesn't work in debug. I
expect most CORS issues come up in production, anyways?
On Monday, September 22, 2014, Robert Warner [email protected]
wrote:
Sorry for the delay. Appears to work fine so long as the app is not in
debug mode.—
Reply to this email directly or view it on GitHub
#67 (comment).
Sent from my mobile, please excuse spelling and brevity
from flask-cors.
I had a look as well and I think you are right. I am also seeing the same behaviour in debug mode using wsgicors.
from flask-cors.
I'd never seem wsgicors, I'll have to take a look. Could be cool to share
code potentially.
It would be great if everything could share a code base and implement only
a few specific methods to access options, request headers, etc.
On Tuesday, September 23, 2014, Robert Warner [email protected]
wrote:
I had a look as well and I think you are right. I am also seeing the same
behaviour in debug mode using wsgicors.—
Reply to this email directly or view it on GitHub
#67 (comment).
Sent from my mobile, please excuse spelling and brevity
from flask-cors.
Released 1.10.0 which addresses this issue for non-development mode configuration.
If I get some time in the future, I might find a hack around the short-coming for development mode. There is likely a way to handle it with some jerryrigging.
Thanks for the report and your help testing, very much appreciated!
Happy holidays,
Cory
from flask-cors.
I'm seeing the same behaviour that the OP of this question originally was (no Access-Control-Origin
header if my route throws an exception) on version 2.1.0 of flask-cors. Has there been a regression? Should this issue be reopened?
from flask-cors.
Thanks for writing in!
Is Flask.DEBUG == True? Currently, we cannot easily catch and intercept the error handler when an uncaught exception is thrown in development mode, since Flask's exception handling catches it further up-the-stack to show you an informational error page.
Cheers,
Cory.
from flask-cors.
No, we're seeing this behaviour whether or not debug mode is on. I'll have a play around after work tonight and confirm if I can trivially reproduce this with a fresh flask app; if not, I'll rip apart the one I'm using at work to figure out what's special about it and see if I can construct a small reproducible example.
from flask-cors.
Cause found: we were explicitly setting
app.config['PROPAGATE_EXCEPTIONS'] = True
which seems to stop flask-cors from working. I assume this is known and nontrivial to fix.
from flask-cors.
So, if I'm understanding right after sniffing around in the code a little, the issue is that with PROPAGATE_EXCEPTIONS set to True, exceptions don't get handled by Flask at all (and no Flask response object gets returned) but instead propagate up into the Werkzeug layer which handles them by creating its own responses without touching any more Flask code?
Hmm. Perhaps we need a werkzeug-cors
module.
from flask-cors.
Yep! I believe you are correct. I have never written a werkzeug middleware, but one of the goals of the architecture of flask-ocrs is that it should be possible to simply call out toe the methods in flask_cors.core
and pass the request method, headers and CORS options. If you have a chance to look at this, I would be honored to hear back about it.
E.G you would be able to pass the arguments to https://github.com/corydolphin/flask-cors/blob/master/flask_cors/core.py#L155. Let me know :-)
from flask-cors.
Related Issues (20)
- enforcing same origin policy with flask-cors HOT 14
- Next.JS API Call to Flask API POST Endpoint - `Access-Control-Allow-Credentials` is not set properly
- Package prints unexpected DEBUG messages when app runs HOT 2
- Unknown keyword arguments silently ignored HOT 2
- Want to know the next version update time. HOT 1
- Project is dead? HOT 2
- CORS partially fails when making requests with axios in React HOT 3
- Access to fetch at 'http://127.0.0.1:5000/account/summary' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. HOT 2
- v4.0.0 isn't in CHANGELOG.md HOT 1
- two releases 4.0.0 and v4.0.0 HOT 2
- All private network requests unintentionally allowed
- Random Access-Control-Allow-Origin value being returned if Origin request header is not provided HOT 1
- The `4.0.0` release is incorrectly marked as supporting Python 2
- Who to contact for security issues HOT 2
- appropriate citation for the module? HOT 3
- python 3.12 HOT 2
- CORS issue
- Read the Docs is configured to build from a non-existent branch HOT 2
- CVE-2024-1681 response/patching HOT 2
- Security Issue CVE-2024-1681 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-cors.