A Quart extension to provide Cross Origin Resource Sharing, access control, support.
Project description
Quart-CORS is an extension for Quart to handle Cross Origin Resource Sharing, CORS (also known as access control).
CORS is required to share resources in browsers due to the Same Origin Policy which prevents resources being read and limits write actions from a different origin. An origin in this case is defined as the scheme, host and port combination.
In practice the Same Origin Policy means that a browser visiting http://quart.com will prevent the response of GET http://api.com being read. It will also prevent requests such as POST http://api.com. Note that embedding is allowed e.g. <img src="http://api.com/img.gif">.
CORS allows the server to indicate to the browser that certain resources can be used. It does so for GET requests by returning headers that indicate the origins that can use the resource whereas for other requests the browser will send a preflight OPTIONS request and then inspect the headers in the response.
Simple (GET) requests should return CORS headers specifying the allowed origins (which can be any origin, *) and whether credentials should be shared. If credentials can be shared the origins must be specific and not a wildcard.
Preflight requests should return CORS headers specifying the allowed origins, methods and headers in the request, whehter credentials should be shared and what response headers should be exposed.
Usage
To add CORS access control headers to all of the routes in the application, simply apply the cors function to the application,
app = Quart(__name__)
app = cors(app)
alternatively if you wish to add CORS selectively either apply the cors function to a blueprint or the route_cors function to a route,
blueprint = Blueprint(__name__)
blueprint = cors(blueprint)
@blueprint.route('/')
@route_cors()
async def handler():
...
In addition defaults can be specified in the application configuration,
Configuration key |
type |
QUART_CORS_ALLOW_CREDENTIALS |
bool |
QUART_CORS_ALLOW_HEADERS |
Set[str] |
QUART_CORS_ALLOW_METHODS |
Set[str] |
QUART_CORS_ALLOW_ORIGIN |
Set[str] |
QUART_CORS_EXPOSE_HEADERS |
Set[str] |
QUART_CORS_MAX_AGE |
float |
Both the cors and route_cors functions take these arguments,
Argument |
type |
allow_credentials |
bool |
allow_headers |
Union[Set[str], str] |
allow_methods |
Union[Set[str], str] |
allow_origin |
Union[Set[str], str] |
expose_headers |
Union[Set[str], str] |
max_age |
Union[int, flot, timedelta] |
Contributing
Quart-CORS is developed on GitLab. You are very welcome to open issues or propose merge requests.
Testing
The best way to test Quart-CORS is with Tox,
$ pipenv install tox
$ tox
this will check the code style and run the tests.
Help
This README is the best place to start, after that try opening an issue.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Quart_CORS-0.1.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 29d6e42d0ccec6a5b9d1c5b2dcb80d5e93efac740fe6cf5ff1b891ef67a36928 |
|
MD5 | cc5af656912b278f36ba40a9cb5bd9e3 |
|
BLAKE2b-256 | 43cc16fff1b566bb54722f098bd8ea51e896fddfe4f18d836ce08649719ee4ec |