A Sanic extension adding a decorator for CORS support. Based on flask-cors by Cory Dolphin.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ashleysommer from gravatar.com ashleysommer

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Project description

Build Status Latest Version Supported Python versions License

A Sanic extension for handling Cross Origin Resource Sharing (CORS), making cross-origin AJAX possible. Based on flask-cors by Cory Dolphin.

This package has a simple philosophy, when you want to enable CORS, you wish to enable it for all use cases on a domain. This means no mucking around with different allowed headers, methods, etc. By default, submission of cookies across domains is disabled due to the security implications, please see the documentation for how to enable credential’ed requests, and please make sure you add some sort of CSRF protection before doing so!

December 2021 Notice: If you need compatibility with Sanic v21.12+, upgrade to Sanic-CORS v2.0

Sept 2021 Notice: Please upgrade to Sanic-CORS v1.0.1 if you need compatibility with Sanic v21.9,<21.12

Older Notice: Please upgrade to Sanic-CORS v1.0.0 if you need compatibility with Sanic v21.3+ (and don’t forget to replace SPF with SPTK) Please upgrade to Sanic-CORS v0.10.0 if you need compatibility with Sanic v19.12+. See here for more details.

Installation

Install the extension with using pip, or easy_install.

$ pip install -U sanic-cors

Usage

This package exposes a Sanic extension which by default enables CORS support on all routes, for all origins and methods. It allows parameterization of all CORS headers on a per-resource level. The package also contains a decorator, for those who prefer this approach.

Simple Usage

In the simplest case, initialize the Sanic-Cors extension with default arguments in order to allow CORS for all domains on all routes.

from sanic import Sanic
from sanic.response import text
from sanic_cors import CORS, cross_origin

app = Sanic(__name__)
CORS(app)

@app.route("/", methods=['GET', 'OPTIONS'])
def hello_world(request):
  return text("Hello, cross-origin-world!")

Resource specific CORS

Alternatively, you can specify CORS options on a resource and origin level of granularity by passing a dictionary as the resources option, mapping paths to a set of options.

app = Sanic(__name__)
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})

@app.route("/api/v1/users", methods=['GET', 'OPTIONS'])
def list_users(request):
  return text("user example")

Route specific CORS via decorator

This extension also exposes a simple decorator to decorate sanic routes with. Simply add @cross_origin(app) below a call to Sanic’s @app.route(..) to allow CORS on a given route.

@app.route("/", methods=['GET', 'OPTIONS'])
@cross_origin(app)
def hello_world(request):
  return text("Hello, cross-origin-world!")

Sanic-Ext Usage

Sanic-CORS can use Sanic-Ext to load the plugin for you. (But you need to make sure to disable the built-in sanic-ext CORS support too)

from sanic import Sanic
from sanic.response import text
from sanic_ext import Extend
from sanic_cors.extension import CORS
app = Sanic(__name__)
CORS_OPTIONS = {"resources": r'/*', "origins": "*", "methods": ["GET", "POST", "HEAD", "OPTIONS"]}
# Disable sanic-ext built-in CORS, and add the Sanic-CORS plugin
Extend(app, extensions=[CORS], config={"CORS": False, "CORS_OPTIONS": CORS_OPTIONS})

@app.route("/", methods=['GET', 'OPTIONS'])
def hello_world(request):
  return text("Hello, cross-origin-world!")

Documentation

For a full list of options, please see the flask-cors documentation.

Preflight Requests

CORS requests have to send pre-flight requests via the options method, Sanic by default only allows the GET method, in order to service your CORS requests you must specify OPTIONS in the methods argument to your routes decorator.

Sanic-CORS includes an automatic_options configuration parameter to allow the plugin handle the OPTIONS response automatically for you. This is enabled by default, but you can turn it off if you wish to do your own OPTIONS response.

CORS(app, automatic_options=True)

@app.delete('/api/auth')
@auth.login_required
async def auth_logout(request):
auth.logout_user(request)
    return json(None, status=OK)

or with the app config key:

app = Sanic(__name__)
app.config['CORS_AUTOMATIC_OPTIONS'] = True

CORS(app)

@app.delete('/api/auth')
@auth.login_required
async def auth_logout(request):
    auth.logout_user(request)
    return json(None, status=OK)

or directly on the route with the cross_origin decorator:

@app.route('/api/auth', methods={'DELETE','OPTIONS'})
@auth.login_required
@cross_origin(app, automatic_options=True)
async def auth_logout(request):
    auth.logout_user(request)
    return json(None, status=OK)

Note: For the third example, you must use @route(), rather than @delete() because you need to enable both DELETE and OPTIONS to work on that route, even though the decorator is handling the OPTIONS response.

Tests

A simple set of tests is included in test/. To run, install nose, and simply invoke nosetests or python setup.py test to exercise the tests.

Contributing

Questions, comments or improvements? Please create an issue on Github. I do my best to include every contribution proposed in any way that I can.

Credits

This Sanic extension is based upon the Decorator for the HTTP Access Control written by Armin Ronacher.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ashleysommer from gravatar.com ashleysommer

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

2.2.0

2.2.0b1 pre-release

This version

2.1.0

2.0.1

2.0.0

1.0.1

1.0.0

0.10.0.post3

0.10.0.post2

0.10.0.post1

0.10.0

0.10.0b1 pre-release

0.9.9.post4

0.9.9.post3

0.9.9.post2

0.9.9.post1

0.9.9

0.9.8.post3

0.9.8.post2

0.9.8.post1

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.6.0.2

0.6.0.1

0.6.0.0

0.5.4.2

0.5.4.1

0.5.1.0

0.4.1.4

0.4.1.2

0.4.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Sanic-Cors-2.1.0.tar.gz (33.3 kB view details)

Uploaded Source

Built Distribution

Sanic_Cors-2.1.0-py2.py3-none-any.whl (17.7 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file Sanic-Cors-2.1.0.tar.gz.

File metadata

  • Download URL: Sanic-Cors-2.1.0.tar.gz
  • Upload date:
  • Size: 33.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/3.7.3 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.8.10

File hashes

Hashes for Sanic-Cors-2.1.0.tar.gz
Algorithm Hash digest
SHA256 629d0e2c2ca6f79b98fde0b0f522140d1c97a8d727738b5191ffa074a5b7d52b
MD5 3d588c2e144b38965a1476bc4922ab84
BLAKE2b-256 6625e23890520e871a611d369db0c36772135673827406940ef66b21095716ae

See more details on using hashes here.

Provenance

File details

Details for the file Sanic_Cors-2.1.0-py2.py3-none-any.whl.

File metadata

  • Download URL: Sanic_Cors-2.1.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 17.7 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/3.7.3 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.8.10

File hashes

Hashes for Sanic_Cors-2.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 d126bba3d51a88548e5079d2348f5667e6a67991503cd20973b46da066f43cf4
MD5 b6b7959f6299fe6a51cf6314d310e60e
BLAKE2b-256 f4ffcf8b135f827e0766118283836307565ecb48087c1353ecfd14a686ff76f5

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page