devbox
程序自动化专家
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

解决Flask跨域问题的几种方式_flask 跨域

作者:程序自动化专家 | 2024-01-29 08:38:30

flask 跨域
  • 本文收录于《Python开发》专栏,此专栏聚焦于Python开发中的编程技巧和总结,将持续更新,欢迎大家订阅!
  • 个人主页:有梦想的程序星空
  • 个人介绍:小编是人工智能领域硕士,全栈工程师,深耕Flask后端开发、数据挖掘、NLP、Android开发、自动化等领域,有较丰富的软件系统、人工智能算法服务的研究和开发经验。
  • 如果文章对你有帮助,欢迎关注点赞收藏订阅。

1、什么是跨域问题

        跨域是因为出于浏览器的同源策略限制。同源策略(Sameoriginpolicy)是一种约定,它是浏览器最核心也最基本的安全功能,如果缺少了同源策略,则浏览器的正常功能可能都会受到影响。可以说Web是构建在同源策略基础之上的,浏览器只是针对同源策略的一种实现。同源策略会阻止一个域的javascript脚本和另外一个域的内容进行交互。

        所谓同源(即指在同一个域)就是两个页面具有相同的协议(protocol),主机(host)和端口号(port)。

        跨域问题就是当一个请求url的协议、域名、端口三者之间任意一个与当前页面url不同时出现的问题。

2、问题描述

        当客户端向服务器端请求ajax服务时,如果客户端和服务器端域名不一致,就会出现跨域问题,ajax报错如下:

        No 'Access-Control-Allow-Origin' header is present on the requested

3、解决方式:

(1)安装flask_cors:

pip install flask_cors

app初始化的时候就加载配置,如下

  1. from flask import Flask
  2. from flask_cors import CORS
  3. app = Flask(__name__)
  4. # r'/*' 是通配符,让本服务器所有的 URL 都允许跨域请求
  5. CORS(app, resources=r'/*')
  6. if __name__ == "__main__":
  7.     app.run()

CORS参数说明

参数类型Head字段说明
resources字典、迭代器或字符串全局配置允许跨域的API接口
origins列表、字符串或正则表达式Access-Control-Allow-Origin配置允许跨域访问的源,
*表示全部允许
methods列表、字符串Access-Control-Allow-Methods配置跨域支持的请求方式,
如:GET、POST
expose_headers列表、字符串Access-Control-Expose-Headers自定义请求响应的Head信息
allow_headers列表、字符串或正则表达式Access-Control-Request-Headers配置允许跨域的请求头
supports_credentials布尔值Access-Control-Allow-Credentials是否允许请求发送cookie,
false是不允许
max_age整数、字符串Access-Control-Max-Age预检请求的有效时长
  1.  
  2. :param resources:
  3.     The series of regular expression and (optionally) associated CORS
  4.     options to be applied to the given resource path.
  5.  
  6.     If the argument is a dictionary, it's keys must be regular expressions,
  7.     and the values must be a dictionary of kwargs, identical to the kwargs
  8.     of this function.
  9.  
  10.     If the argument is a list, it is expected to be a list of regular
  11.     expressions, for which the app-wide configured options are applied.
  12.  
  13.     If the argument is a string, it is expected to be a regular expression
  14.     for which the app-wide configured options are applied.
  15.  
  16.     Default : Match all and apply app-level configuration
  17.  
  18. :type resources: dict, iterable or string
  19.  
  20. :param origins:
  21.     The origin, or list of origins to allow requests from.
  22.     The origin(s) may be regular expressions, case-sensitive strings,
  23.     or else an asterisk
  24.  
  25.     Default : '*'
  26. :type origins: list, string or regex
  27.  
  28. :param methods:
  29.     The method or list of methods which the allowed origins are allowed to
  30.     access for non-simple requests.
  31.  
  32.     Default : [GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE]
  33. :type methods: list or string
  34.  
  35. :param expose_headers:
  36.     The header or list which are safe to expose to the API of a CORS API
  37.     specification.
  38.  
  39.     Default : None
  40. :type expose_headers: list or string
  41.  
  42. :param allow_headers:
  43.     The header or list of header field names which can be used when this
  44.     resource is accessed by allowed origins. The header(s) may be regular
  45.     expressions, case-sensitive strings, or else an asterisk.
  46.  
  47.     Default : '*', allow all headers
  48. :type allow_headers: list, string or regex
  49.  
  50. :param supports_credentials:
  51.     Allows users to make authenticated requests. If true, injects the
  52.     `Access-Control-Allow-Credentials` header in responses. This allows
  53.     cookies and credentials to be submitted across domains.
  54.  
  55.     :note: This option cannot be used in conjuction with a '*' origin
  56.  
  57.     Default : False
  58. :type supports_credentials: bool
  59.  
  60. :param max_age:
  61.     The maximum time for which this CORS request maybe cached. This value
  62.     is set as the `Access-Control-Max-Age` header.
  63.  
  64.     Default : None
  65. :type max_age: timedelta, integer, string or None
  66.  
  67. :param send_wildcard: If True, and the origins parameter is `*`, a wildcard
  68.     `Access-Control-Allow-Origin` header is sent, rather than the
  69.     request's `Origin` header.
  70.  
  71.     Default : False
  72. :type send_wildcard: bool
  73.  
  74. :param vary_header:
  75.     If True, the header Vary: Origin will be returned as per the W3
  76.     implementation guidelines.
  77.  
  78.     Setting this header when the `Access-Control-Allow-Origin` is
  79.     dynamically generated (e.g. when there is more than one allowed
  80.     origin, and an Origin than '*' is returned) informs CDNs and other
  81.     caches that the CORS headers are dynamic, and cannot be cached.
  82.  
  83.     If False, the Vary header will never be injected or altered.
  84.  
  85.     Default : True
  86. :type vary_header: bool

(2)在被请求的Response header中加入header

  1. @app.after_request
  2. def func_res(resp):     
  3.     res = make_response(resp)
  4.     res.headers['Access-Control-Allow-Origin'] = '*'
  5.     res.headers['Access-Control-Allow-Methods'] = 'GET,POST'
  6.     res.headers['Access-Control-Allow-Headers'] = 'x-requested-with,content-type'
  7.     return res

(3)改成jsonp格式(不推荐)

在ajax请求里将数据类型改成jsonp,但是在返回数据的时候需要一个回调函数读取,而且jsonp只支持get方式,即使使用post方式,在调用的时候也会变成get方式,这带来安全性上的问题,并不推荐。

  1. $.ajax({
  2.         type:'POST',
  3.         url:'127.0.0.1:5000',
  4.         data:data,
  5.         dataType:'jsonp',//改成了jsonp格式,解决了跨域访问的问题
  6.         success:function(data){
  7.             console.log(data)
  8.         }

关注微信公众号【有梦想的程序星空】,了解软件系统和人工智能算法领域的前沿知识,让我们一起学习、一起进步吧!

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/article/detail/42340
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号