Specify domains for Flask-CORS
From the documentation of CORS: http://flask-cors.corydolphin.com/en/latest/api.html?highlight=origin#flask_cors.cross_origin
flask_cors.cross_origin(*args, **kwargs)
The origin, or list of origins to allow requests from. The origin(s)may be regular expressions, case-sensitive strings, or else anasterisk
So, here you need to give list
of string
. Like:
cross_origin(["http://www.domain1.com", "http://www.domain2.com"])
Notice here that you were giving all domain in a single string. But you needed to provide a list. Also notice that you provide Fully Qualified Domain Name (FQDN) as per RFC 6454 and W3C Recommendation.
You can also do something like this:
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
Here we're allowing every path in our app which starts with /api
. Depending on your requirement, you can define appropriate path here. Here you can also specify origins to a list of domains you want to enable CORS for.
Here is the link to the code I've written: https://github.com/Mozpacers/MozStar/
CORS doesn't do anything special; you just need to reply to the request with a special header which says that Access-Control-Allow-Origin
contains the domain request is coming from.
For pre-flight requests, you can see how you can reply with custom headers with Flask before_request and after_request decorators: https://github.com/CuriousLearner/TrackMyLinks/blob/master/src/server/views.py#L130