Having problem with cors - Flask

Hi guys! I am trying to set up restrictions to only allow requests from a certain origin. This is how I have it currently set up, but it still allows every request (testing with Postman).

```python
from flask import Flask
from flask_cors import CORS

app = Flask(__name__)

cors = CORS(app, origins=["https://vetai.vercel.app/"])


@app.route("/")
def home():
    return "Hello, world!"


@app.route("/prompt", methods=["POST"])
def prompt():
    return "prompt route"


if __name__ == "__main__":
    app.run(debug=True)
```
14 Replies
dotfortun (8mo ago)
I think this is because it isn't actually cross-origin, since both Postman and the service are running on localhost. I ran your example, and then tried to fetch from another origin and got this:
rikisann (8mo ago)
Hmm, interesanchi. Ima host the code on Vercel and try it out.
dotfortun (8mo ago)
Sounds like a plan!
rikisann (8mo ago)
I tried it but still getting back the response. Been thinking to just put an API key in env variables and send it in with requests and just run a normal if API key != api key.
dotfortun (8mo ago)
That just got me thinking, and I don't know if this is up to date, but evidently Postman doesn't respect CORS.
rikisann (8mo ago)
Is that so? So I could potentially access through Postman stuff blocked out by CORS? Or stuff that actually matters has more security than that?
rikisann (8mo ago)
Calling it through console gives me this error for some reason
dotfortun (8mo ago)
Hrm, one sec.
dotfortun (8mo ago)
I got this, so I am getting a CORS error on my end.
dotfortun (8mo ago)
CORS is intended to protect end users from leaking their cookies all over the internet, so it isn't actually a robust security measure for protecting your backend. For that you'd probably want to implement some sort of auth flow (flask-jwt-extended is pretty straightforward to implement), or at least use the API key method you described.
rikisann (8mo ago)
Sounds good brudda. Thank you so much for the help
dotfortun (8mo ago)
Not a problem!
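
Added example (not code from the thread or from any participant): a Flask sketch of the point made above, that a CORS header only tells browsers whether page script may read a response, while a server-side key check is what actually rejects a request. The `X-API-Key` header name, the `API_KEY` environment variable, the fallback key and the `probe` helper are assumptions made for illustration.

```python
import hmac
import os

from flask import Flask, jsonify, request

ALLOWED_ORIGIN = "https://vetai.vercel.app"  # browsers send Origin without a trailing slash
# Assumption: the key is read from the environment; the fallback is a constructed demo value.
API_KEY = os.environ.get("API_KEY", "demo-key-constructed-for-this-example")

app = Flask(__name__)


@app.before_request
def require_api_key():
    # Enforced on the server, so it applies to browsers, Postman and curl alike.
    if request.method == "OPTIONS":
        return None  # CORS preflight requests never carry custom headers
    supplied = request.headers.get("X-API-Key", "")
    if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
        return jsonify(error="invalid or missing API key"), 401
    return None


@app.after_request
def add_cors_headers(response):
    # A CORS layer only annotates the response. The route has already run;
    # a browser uses these headers to decide whether page script may read the body.
    if request.headers.get("Origin") == ALLOWED_ORIGIN:
        response.headers["Access-Control-Allow-Origin"] = ALLOWED_ORIGIN
        response.headers["Access-Control-Allow-Headers"] = "X-API-Key, Content-Type"
        response.headers["Vary"] = "Origin"
    return response


@app.route("/prompt", methods=["POST"])
def prompt():
    return "prompt route"


def probe(origin=None, key=None):
    """POST /prompt as a non-browser client; return (status, Access-Control-Allow-Origin)."""
    headers = {}
    if origin:
        headers["Origin"] = origin
    if key:
        headers["X-API-Key"] = key
    resp = app.test_client().post("/prompt", headers=headers)
    return resp.status_code, resp.headers.get("Access-Control-Allow-Origin")
```

A request from an unlisted origin with a valid key still gets a 200, only without the CORS header, whereas any request without the key gets a 401. A key shipped inside browser JavaScript is readable by every visitor, so this check fits calls made from a server-side component.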