Having problem with cors - Flask
Hi guys! I am trying to setup restrictions to only allow requests from a certain origin. This is how I have it currently setup but it still allows every request (testing with postman).
14 Replies
I think this is because it isn't actually cross-origin, since both Postman and the service is running on localhost. I ran your example, and then tried to fetch from another origin and got this:
Hmm interesanchi
Ima host the code on vercel and try it out
Sounds like a plan!
I tried it but still getting back the response
Been thinking to just put an API key in env variables and send it in with requests and just run a normal if API key != api key
That just got me thinking, and I don't know if this is up to date, but evidently Postman doesn't respect CORS.
is that so
so I could potentially access through postman stuff blocked out by cors?
or stuff that actually matters has more security than that?
Calling it through console gives me this error for some reason
Hrm, one sec.
I got this, so I am getting a cors error on my end.
CORS is intended to protect end users from leaking their cookies all over the internet, so it isn't actually a robust security measure for protecting your backend. For that you'd probably want to implement some sort of auth flow (flask-jwt-extended is pretty straightforward to implement), or at least use the API key method you described.
Sounds good brudda. Thank you so much for the help
Not a problem!