I\'d like to make a response with the \"Access-Control-Allow-Origin\" header been set all by myself, while it\'s seems messing up to figure out where the \"HTTP_ORIGIN\" paramet
I'm using flask - 0.10.1, and the HTTP_ORIGIN
seems to be one of the attrs of this object
flask.request.environ
Here is what I got from print flask.request.environ
when handling a request:
{
"wsgi.multiprocess": false,
"HTTP_REFERER": "http://www.freemerce.com/product/77104116",
"SERVER_SOFTWARE": "Werkzeug/0.9.6",
"SCRIPT_NAME": "",
"REQUEST_METHOD": "GET",
"PATH_INFO": "/prod/sync_req",
"HTTP_ORIGIN": "http://www.freemerce.com",
"SERVER_PROTOCOL": "HTTP/1.1",
"QUERY_STRING": "",
"werkzeug.server.shutdown": "<function shutdown_server at 0x4060e60>",
"CONTENT_LENGTH": "",
"HTTP_USER_AGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36",
"HTTP_CONNECTION": "keep-alive",
"SERVER_NAME": "0.0.0.0",
"REMOTE_PORT": 53690,
"wsgi.url_scheme": "http",
"SERVER_PORT": "80",
"werkzeug.request": "<Request http://192.168.0.10/prod/sync_req [GET]>",
"wsgi.input": "<socket._fileobject object at 0x405e1d0>",
"HTTP_DNT": "1",
"HTTP_HOST": "192.168.0.10:80",
"wsgi.multithread": false,
"HTTP_ACCEPT": "*/*",
"HTTP_RA_SID": "DB52333D-20140914-070803-53c316-5f3242",
"wsgi.version": "(1, 0)",
"wsgi.run_once": false,
"HTTP_RA_VER": "2.8.7",
"wsgi.errors": "<open file <stderr>, mode 'w' at 0x7f57d074c270>",
"REMOTE_ADDR": "192.168.0.131",
"HTTP_ACCEPT_LANGUAGE": "en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,ja;q=0.2,zh-TW;q=0.2",
"CONTENT_TYPE": "",
"HTTP_ACCEPT_ENCODING": "gzip, deflate, sdch"
}
This will get you the answer
from flask import request
...
if request.environ['HTTP_ORIGIN'] is not None:
print request.environ['HTTP_ORIGIN']
here is example :
from flask import request
...
allow_origin_list = ['https://example.com', 'http://example.com']
if 'HTTP_ORIGIN' in request.environ and request.environ['HTTP_ORIGIN'] in allow_origin_list:
response.headers.add('Access-Control-Allow-Origin', request.environ['HTTP_ORIGIN'] )
response.headers.add('Access-Control-Allow-Headers', 'access-control-allow-origin,content-type')
response.headers.add('Access-Control-Allow-Methods', 'GET,POST')