Angular 的 Flask RESTful 跨域问题:PUT、OPTIONS 方法 [英] Flask RESTful cross-domain issue with Angular: PUT, OPTIONS methods

问题描述

我开发了一个带有 Flask Restful 的小型只写 REST api，它接受来自少数可能具有更改 IP 地址的客户端的 PUT 请求.我的客户端是运行 AngularJS 前端的嵌入式 Chromium 客户端；他们使用一个简单的魔法密钥对我的 API 进行身份验证——这对于我非常有限的规模来说已经足够了.

I've developed a small write-only REST api with Flask Restful that accepts PUT request from a handful of clients that can potentially have changing IP addresses. My clients are embedded Chromium clients running an AngularJS front-end; they authenticate with my API with a simple magic key -- it's sufficient for my very limited scale.

我现在正在测试部署我的 API，我注意到 Angular 客户端正在尝试向我的 Flask 服务发送一个 OPTIONS http 方法.同时我的 API 正在回复 404(因为我还没有编写 OPTIONS 处理程序，只有一个 PUT 处理程序).似乎在发送不是 POST 或 GET 的跨域请求时，Angular 会在服务器上发送一个 pre-flight OPTIONS 方法，以确保在发送实际请求之前接受跨域请求.是吗?

I'm testing deploying my API now and I notice that the Angular clients are attempting to send an OPTIONS http methods to my Flask service. My API meanwhile is replying with a 404 (since I didn't write an OPTIONS handler yet, only a PUT handler). It seems that when sending cross-domain requests that are not POST or GET, Angular will send a pre-flight OPTIONS method at the server to make sure the cross-domain request is accepted before it sends the actual request. Is that right?

无论如何，我如何允许对 Flask Restful API 的所有跨域 PUT 请求?我之前使用过带有(非 Restful)Flask 实例的跨域装饰器，但是我是否需要将 OPTIONS 处理程序也写入我的 API 中?

Anyway, how do I allow all cross-domain PUT requests to Flask Restful API? I've used cross-domaion decorators with a (non-restful) Flask instance before, but do I need to write an OPTIONS handler as well into my API?

推荐答案

我通过重写我的 Flask 后端以在我的 PUT 响应中使用 Access-Control-Allow-Origin 标头进行回答来解决该问题.此外，我在 Flask 应用程序中创建了一个 OPTIONS 处理程序，以按照我在 http RFC 中阅读的内容来回答 options 方法.

I resolved the issue by rewriting my Flask backend to answer with an Access-Control-Allow-Origin header in my PUT response. Furthermore, I created an OPTIONS handler in my Flask app to answer the options method by following what I read in the http RFC.

PUT 方法的返回如下所示:

The return on the PUT method looks like this:

return restful.request.form, 201, {'Access-Control-Allow-Origin': '*'} 

我的 OPTIONS 方法处理程序如下所示:

My OPTIONS method handler looks like this:

def options (self):
    return {'Allow' : 'PUT' }, 200, \
    { 'Access-Control-Allow-Origin': '*', \
      'Access-Control-Allow-Methods' : 'PUT,GET' }

@tbicr 是对的:Flask 确实会自动为您回答 OPTIONS 方法.但是，在我的情况下，它没有传输带有该答案的 Access-Control-Allow-Origin 标头，因此我的浏览器收到了来自 api 的回复，这似乎暗示不允许跨域请求.我在我的案例中重载了选项请求并添加了 ACAO 标头，浏览器似乎对此感到满意，并使用 PUT 跟进 OPTIONS 也有效.

@tbicr is right: Flask DOES answer the OPTIONS method automatically for you. However, in my case it wasn't transmitting the Access-Control-Allow-Origin header with that answer, so my browser was getting a reply from the api that seemed to imply that cross-domain requests were not permitted. I overloaded the options request in my case and added the ACAO header, and the browser seemed to be satisfied with that, and followed up OPTIONS with a PUT that also worked.

这篇关于Angular 的 Flask RESTful 跨域问题:PUT、OPTIONS 方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！