-
-
Save richard-flosi/3789163 to your computer and use it in GitHub Desktop.
""" | |
Example of setting up CORS with Bottle.py. | |
""" | |
from bottle import Bottle, request, response, run | |
app = Bottle() | |
@app.hook('after_request') | |
def enable_cors(): | |
""" | |
You need to add some headers to each request. | |
Don't use the wildcard '*' for Access-Control-Allow-Origin in production. | |
""" | |
response.headers['Access-Control-Allow-Origin'] = '*' | |
response.headers['Access-Control-Allow-Methods'] = 'PUT, GET, POST, DELETE, OPTIONS' | |
response.headers['Access-Control-Allow-Headers'] = 'Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token' | |
@app.route('/examples', method=['OPTIONS', 'GET']) | |
def examples(): | |
""" | |
If you are using something like Spine.js you'll need to | |
handle requests for the OPTIONS method. I haven't found a | |
DRY way to handle this yet. I tried setting up a hook for before_request, | |
but was unsuccessful for now. | |
""" | |
if request.method == 'OPTIONS': | |
return {} | |
else: | |
return {'examples': [{ | |
'id': 1, | |
'name': 'Foo'},{ | |
'id': 2, | |
'name': 'Bar'} | |
]} | |
if __name__ == '__main__': | |
from optparse import OptionParser | |
parser = OptionParser() | |
parser.add_option("--host", dest="host", default="localhost", | |
help="hostname or ip address", metavar="host") | |
parser.add_option("--port", dest="port", default=8080, | |
help="port number", metavar="port") | |
(options, args) = parser.parse_args() | |
run(app, host=options.host, port=int(options.port)) |
This code doesn't work for me unfortunately, I still see a "No 'Access-Control-Allow-Origin' header is present on the requested resource." error. I have localhost:4000 doing a POST to the Bottle server, on localhost:8080. Perhaps this is some sort of special case?
Which code are you using? Are there additional error messages? This post was from 8 years ago, so I'm not sure how relevant it is anymore.
My guess is that your request requires additional options set in Access-Control-Allow-Methods
and/or Access-Control-Allow-Headers
.
What does the request look like? What are the request headers? Is there something additional in the request headers that is missing from the response headers in your case?
No, I was wrong. The code on top does work. Thank you for your prompt response.
@bosborne cool. I'm glad something I created 8 years ago is still relevant. Funny how that works. :)
@stemid sorry I never responded to you or anyone else here before. I don't remember seeing any of these comments before or getting any notifications until yesterday.
Here is also good article about cors in bottle:
https://www.toptal.com/bottle/building-a-rest-api-with-bottle-framework