Skip to main content

A Quart extension to provide Cross Origin Resource Sharing, access control, support.

Project description

Build Status pypi python license

Quart-CORS is an extension for Quart to handle Cross Origin Resource Sharing, CORS (also known as access control).

CORS is required to share resources in browsers due to the Same Origin Policy which prevents resources being read and limits write actions from a different origin. An origin in this case is defined as the scheme, host and port combination.

In practice the Same Origin Policy means that a browser visiting http://quart.com will prevent the response of GET http://api.com being read. It will also prevent requests such as POST http://api.com. Note that embedding is allowed e.g. <img src="http://api.com/img.gif">.

CORS allows the server to indicate to the browser that certain resources can be used. It does so for GET requests by returning headers that indicate the origins that can use the resource whereas for other requests the browser will send a preflight OPTIONS request and then inspect the headers in the response.

Simple (GET) requests should return CORS headers specifying the allowed origins (which can be any origin, *) and whether credentials should be shared. If credentials can be shared the origins must be specific and not a wildcard.

Preflight requests should return CORS headers specifying the allowed origins, methods and headers in the request, whehter credentials should be shared and what response headers should be exposed.

Usage

To add CORS access control headers to all of the routes in the application, simply apply the cors function to the application,

app = Quart(__name__)
app = cors(app)

alternatively if you wish to add CORS selectively either apply the cors function to a blueprint or the route_cors function to a route,

blueprint = Blueprint(__name__)
blueprint = cors(blueprint)

@blueprint.route('/')
@route_cors()
async def handler():
    ...

In addition defaults can be specified in the application configuration,

Configuration key

type

QUART_CORS_ALLOW_CREDENTIALS

bool

QUART_CORS_ALLOW_HEADERS

Set[str]

QUART_CORS_ALLOW_METHODS

Set[str]

QUART_CORS_ALLOW_ORIGIN

Set[str]

QUART_CORS_EXPOSE_HEADERS

Set[str]

QUART_CORS_MAX_AGE

float

Both the cors and route_cors functions take these arguments,

Argument

type

allow_credentials

bool

allow_headers

Union[Set[str], str]

allow_methods

Union[Set[str], str]

allow_origin

Union[Set[str], str]

expose_headers

Union[Set[str], str]

max_age

Union[int, flot, timedelta]

Contributing

Quart-CORS is developed on GitLab. You are very welcome to open issues or propose merge requests.

Testing

The best way to test Quart-CORS is with Tox,

$ pipenv install tox
$ tox

this will check the code style and run the tests.

Help

This README is the best place to start, after that try opening an issue.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Quart-CORS-0.1.3.tar.gz (8.3 kB view hashes)

Uploaded Source

Built Distribution

Quart_CORS-0.1.3-py3-none-any.whl (6.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page